UserPrincipalName with ntlm_auth, trying to get it "right"
Alan DeKok
aland at deployingradius.com
Thu Jan 14 16:53:19 CET 2016
On Jan 14, 2016, at 10:47 AM, Mathieu Simon (Lists) <matsimon.lists at simweb.ch> wrote:
> That's what I somewhat ended up, learning another thing or two about
> FreeRADIUS: rlm_ldap is really different with 3.0 than 2.2, basically
> ldap.attrmap seems gone and I was looking in the wrong place.
>
> Alan: However even the branch for 3.1 doc/modules/ldap_howto.rst
> mentions it - is that still valid?
No. I'll go fix that.
> It seems getting the value from LDAP during a request is pretty easy
> after all, no need for extra scripts... hmm.
Yes. 3.0 / 3.1 are *much* simpler than version 2 for a lot of things.
> Then mschap used the obtained LDAP attribute instead of User-Name. That
> seemed to work after with eapol_test and some real devices.
If it works, it works... but there's no *guarantee* it will always work.
> Both "needs" both ways to be accepted. Would it be better to proxy all
> requests with a domain suffix to another (virtual) server and have
> rlm_mschap and rlm_ldap configured there differently for this purpose?
That should work.
Alan DeKok.