UPN and mschap issues
Franks Andy (IT Technical Architecture Manager)
Andy.Franks at sath.nhs.uk
Sat Nov 28 18:03:05 CET 2015
Thanks all for your contributions on this, REALLY appreciate this list! I'll keep coming here, until the management replace it all with clearpass or something equally non-fun, looming sadly..
Andy
________________________________________
From: Freeradius-Users [freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] on behalf of A.L.M.Buxey at lboro.ac.uk [A.L.M.Buxey at lboro.ac.uk]
Sent: 28 November 2015 12:12
To: FreeRadius users mailing list
Subject: Re: UPN and mschap issues
Hi,
dont use User-Name - you cant play with that..instead either work on the stripped-user-name
or create your own attribute locally and use that on the ntlm_auth line
what you need to do is some regex to turn the current User-Name, or stripped-user-name
that has already dealt with the realm part giving you just the stripped name.... into the
format you need for it to match the saMAccountname
perhaps some people should have been made aware of all this in some form of change management
process before the AD was messed around with?
FreeRADIUS will let you do what you want using regex and recombining the results of the regex
into the format you want..... but external systems like Office365...well, they will
probably be a big headache if you migrate to them
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list