split_username_nai clobbering user-name?

Alan DeKok aland at deployingradius.com
Mon Oct 17 21:49:21 CEST 2016

On Oct 17, 2016, at 11:53 AM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> Hopefully the final issue I have porting this config!
> I'm using the suffix module for proxying, and the split_username_nai policy.
> If I put suffix before split, everything is fine. If I put split before suffix, proxying breaks because the suffix module seems to use Stripped-User-Name.

  Yes.  That's by design, unfortunately.  It's so you can have multiple prefixes / suffixes, and have the modules just do the right thing.

> For my configuration, I don't think it matters which order I call the module and the policy in, but I'm surprised by the behaviour - I can't see the policy updating the User-Name entry.

  It updates the Stripped-User-Name.  Which is the default user name for suffix, LDAP lookups, etc.

  You can just write some "unlang" yourself to re-implement the "suffix" module.

  Alan DeKok.

More information about the Freeradius-Users mailing list