Freeradius + AD authentication passing Domain+User
Enrico Polesel
epol.lists at gmail.com
Thu Jun 22 16:46:50 CEST 2017
Hi all,
On Thu, Jun 22, 2017 at 4:11 PM Alan DeKok <aland at deployingradius.com>
wrote:
> >
> > Sending Access-Request of id 220 to 127.0.0.1 port 1812
> > User-Name = "alejandro at domain.com <alcabrera at g-bapro.net>"
>
> Is the account in AD called "alejandro at domain.com"? Or is it just
> alejandro ?
>
> Again... if you're testing a user in AD, you just need to test with the
> username that's in AD. There is simply no reason to do anything else.
>
Remember that AD has TWO usernames: the sAMAccountName (old style NetBIOS)
and the userPrincipalName (new style, Kerberos); the latter also includes
the domain.
BUT winbind (and ntlm_auth) uses the sAMAccountName username, so be sure
to pass that name and not the new userPrincipalName.
Cheers,
Enrico
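
The distinction made in the message above, as an added example that is not part of the original post or of FreeRADIUS: a small Python helper that classifies a RADIUS User-Name and returns the sAMAccountName to hand to ntlm_auth. The function names, the `upn_to_sam` lookup and the sample directory are assumptions constructed for illustration.

```python
"""Classify a RADIUS User-Name before handing it to ntlm_auth (added example)."""
from typing import Mapping, NamedTuple, Optional


class Login(NamedTuple):
    form: str              # "sam", "downlevel" (DOMAIN\user) or "upn" (user@suffix)
    user: str              # account part as typed
    realm: Optional[str]   # NetBIOS domain or UPN suffix, if present


def classify(user_name: str) -> Login:
    """Split a User-Name into its account part and realm without guessing."""
    name = user_name.strip()
    if "\\" in name:                       # DOMAIN\user carries the sAMAccountName
        domain, _, user = name.partition("\\")
        return Login("downlevel", user, domain)
    if "@" in name:                        # user@suffix is a userPrincipalName
        user, _, suffix = name.rpartition("@")
        return Login("upn", user, suffix)
    return Login("sam", name, None)


def sam_for_ntlm_auth(user_name: str, upn_to_sam: Mapping[str, str]) -> Optional[str]:
    """Return the sAMAccountName to pass as the username, or None if unknown.

    A UPN prefix is not guaranteed to equal the sAMAccountName, so UPNs are
    resolved through upn_to_sam (hypothetical lookup, e.g. filled from LDAP)
    instead of simply cutting the string at the '@'.
    """
    login = classify(user_name)
    if login.form in ("sam", "downlevel"):
        return login.user
    return upn_to_sam.get(user_name.strip().lower())


# Constructed sample directory: UPN -> sAMAccountName (not real data).
SAMPLE_DIRECTORY = {
    "alejandro@domain.com": "alejandro",
    "maria.long.surname@domain.com": "mlongsur",
}

if __name__ == "__main__":
    for raw in ("alejandro", "DOMAIN\\alejandro", "alejandro@domain.com",
                "maria.long.surname@domain.com", "ghost@domain.com"):
        print(f"{raw!r:36} -> {sam_for_ntlm_auth(raw, SAMPLE_DIRECTORY)!r}")
```

The second sample entry shows why stripping the suffix is not enough: the UPN prefix and the sAMAccountName differ, so only a directory lookup gives the name winbind expects.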