UPN and mschap issues

Franks Andy (IT Technical Architecture Manager) Andy.Franks at sath.nhs.uk
Sat Nov 28 18:03:05 CET 2015

Thanks all for your contributions on this, REALLY appreciate this list! I'll keep coming here, until the management replace it all with clearpass or something equally non-fun, looming sadly..

From: Freeradius-Users [freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] on behalf of A.L.M.Buxey at lboro.ac.uk [A.L.M.Buxey at lboro.ac.uk]
Sent: 28 November 2015 12:12
To: FreeRadius users mailing list
Subject: Re: UPN and mschap issues


dont use User-Name - you cant play with that..instead either work on the stripped-user-name
or create your own attribute locally and use that on the ntlm_auth line

what you need to do is some regex to turn the current User-Name, or stripped-user-name
that has already dealt with the realm part giving you just the stripped name.... into the
format you need for it to match the saMAccountname

perhaps some people should have been made aware of all this in some form of change management
process before the AD was messed around with?

FreeRADIUS will let you do what you want using regex and recombining the results of the regex
into the format you want..... but external systems like Office365...well, they will
probably be a big headache if you migrate to them

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list