In auth request packet, Stripped-User-Name attribute value wrongly rewritten by radius server
Adarsha S
s.adarsha at gmail.com
Mon Apr 7 09:58:46 CEST 2014
Hi,
I'm currently using FreeRADIUS server version 2.1.12
[freeradius-server-2.1.12].
I have a setup where clients get authenticated by a Windows AD 2003 server.
It uses the Stripped-User-Name attribute.
I have FreeRADIUS 2.1.12 as the RADIUS server.
The usernames are provided as DomainName\Username.
Various combinations of domain name and username worked, but whenever
the username starts with "t" or "n" the authentication failed.
A network capture showed that the backslash delimiter between domain and
username, combined with specific letters, is translated to special
characters.
\n = new line
\r = return
\t = tab
E.g.:
During authentication, the username goes as "DOMAIN\timcopy". We are
supposed to strip the domain name along with the "\" and populate the
sAMAccount name with the username timcopy.
But the username gets converted to "DOMAIN imcopy", which is then used
as the sAMAccount name.
I was getting the authentication problem when I used "timcopy" as the
username and success when I used "kiran" as the username.
On looking further into the code, I could make out:
On receiving the request packet on the RADIUS server side, rlm is adding
the new attribute Stripped-User-Name [attr number 1043] and
updating the value as "DOMAIN imcopy".
Here \timcopy got converted to "<tab space>imcopy".
Please let me know the solution for this problem.
Thanks,
Adarsha
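
The following is an added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the symptom reported above, in which the backslash in DOMAIN\user is read as the start of an escape sequence before the domain is stripped. All function names and the sample account names are assumptions made for illustration.

```python
# Added illustration: a simplified model of the behaviour reported above,
# not FreeRADIUS source code. All function names here are hypothetical.

ESCAPES = {"n": "\n", "r": "\r", "t": "\t"}  # the three sequences listed in the post


def unescape(value):
    """Interpret backslash escapes the way a string parser would."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value) and value[i + 1] in ESCAPES:
            out.append(ESCAPES[value[i + 1]])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def stripped_user_name(user_name, interpret_escapes):
    """Return what ends up in Stripped-User-Name for a DOMAIN\\user login."""
    value = unescape(user_name) if interpret_escapes else user_name
    domain, sep, user = value.partition("\\")
    # With the delimiter gone there is nothing to split on, so the whole
    # (corrupted) string is passed on as the account name.
    return user if sep else value


def affected(account_names, domain="DOMAIN"):
    """List account names that do not survive escape interpretation."""
    return [n for n in account_names
            if stripped_user_name(domain + "\\" + n, True) != n]


if __name__ == "__main__":
    names = ["timcopy", "kiran", "nina", "robert"]  # constructed sample names
    for n in names:
        print(n, "->", repr(stripped_user_name("DOMAIN\\" + n, True)))
    print("affected:", affected(names))
```

Running affected() over an export of account names shows which logins would hit the problem under this model; names whose first letter does not form one of the listed escapes pass through unchanged.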