split_username_nai clobbering user-name?
Alan DeKok
aland at deployingradius.com
Mon Oct 17 21:49:21 CEST 2016
On Oct 17, 2016, at 11:53 AM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
>
> Hopefully the final issue I have porting this config!
>
> I'm using the suffix module for proxying, and the split_username_nai policy.
>
> If I put suffix before split, everything is fine. If I put split before suffix, proxying breaks because the suffix module seems to use Stripped-User-Name.
Yes. That's by design, unfortunately. It's so you can have multiple prefixes / suffixes, and have the modules just do the right thing.
> For my configuration, I don't think it matters which order I call the module and the policy in, but I'm surprised by the behaviour - I can't see the policy updating the User-Name entry.
It updates the Stripped-User-Name. Which is the default user name for suffix, LDAP lookups, etc.
You can just write some "unlang" yourself to re-implement the "suffix" module.
Alan DeKok.
More information about the Freeradius-Users
mailing list