Accept both machine auth and user with domain auth
Trevor Jennings
tjennings at gmail.com
Sun Jun 26 23:11:55 CEST 2016
Hello,
I am trying to configure freeradius to accept either machine auth (using
host/<user>.<domain>) or user authentication (user at domain when they come
from Eduroam).
Previously I had in the mschap module for the ntlm_auth:-
"--username=%{mschap:User-Name}"
Which works fine for users without domains and machine authentication.
For Eduroam, because they have the domain included, I decided to replace
mschap:User-Name with %{Stripped-User-Name} which works except it broke
machine authentication.
While researching this issue, I came across a configuration for ntlm_auth
using the following:-
"--username-=%{%{Stripped-User-Name}:-%{mschap:User-Name}}"
Which I assume means if Stripped-User-Name is null, then use
mschap:User-Name?
I do not understand what I would need to do to achieve this. Would I need
to set 'nostrip' under the realm for the domain of that user
authenticating?
Cheers,
- Trevor
More information about the Freeradius-Users
mailing list