Proxy.conf realms

Matthew Ceroni matthewceroni at
Sat Mar 16 17:24:36 CET 2013

Thanks. I will try this.

The subject line was because I was trying to match it to a realm and
thought by doing it that way I could get it to strip off what I needed.

On Saturday, March 16, 2013, Phil Mayers <p.mayers at> wrote:
> On 03/15/2013 10:47 PM, Matthew Ceroni wrote:
>> Well I found something that appears to work. I used the hints file. And
>> it correctly stripped off the host/ and domain.local.
>> However now I get the error
>> [eap] Identity does not match User-Name, setting from EAP Identity
>> [eap] Failed in handler
> Modifying the "User-Name" attribute is a bad idea. It will, as you have
seen, break EAP.
> Use another attribute - maybe define your own local one (see
raddb/dictionary and pay attention to the comments about numbering).
> You were previously using Stripped-User-Name - just keep using that, and
move the "unlang" you wrote to the top of the "authorize" section i.e.:
> authorize {
>   if (User-Name =~ /^h.../) {
>     ...
>   }
>   ...
> }
> One other alternative is to leave the username alone, and use the xlat
provided by the mschap module; specifically this:
> %{mschap:User-Name}
> ...will expand this:
> host/
> this:
> name$
> Note the trailing dollar sign, which is windows-speak for "machine
account". This is required if, for example, you use Samba/ntlm_auth, which
requires "--username=host$" as the CLI argument.
> I'm not sure what any of this has to do with the subject line, btw...
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list