Freeradius + AD authentication passing Domain+User
Alejandro Cabrera Obed
aco1967 at gmail.com
Thu Jun 22 16:49:30 CEST 2017
Thanks to all, Iwill try later and I will follow your advice.
Any failure, I'll keep in touch with you again.
Regards!!!
2017-06-22 11:46 GMT-03:00 Enrico Polesel <epol.lists at gmail.com>:
> Hi all,
>
> On Thu, Jun 22, 2017 at 4:11 PM Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > >
> > > Sending Access-Request of id 220 to 127.0.0.1 port 1812
> > > User-Name = "alejandro at domain.com <alcabrera at g-bapro.net>"
> >
> > Is the account in AD called "alejandro at domain.com"? Or is it just
> > alejandro ?
> >
> > Again... if you're testing a user in AD, you just need to test with the
> > username that's in AD. There is simply no reason to do anything else.
> >
>
> Remember that AD has TWO usernames: the sAMAccountName (old style NetBios)
> and the userPrincipalName (new style, kerberos), the latest also includes
> the domain.
>
> BUT windbind (and ntlm_auth) uses the sAMAccountName username, so be sure
> to pass that name and not the new userPrincipalName.
>
> Cheers,
> Enrico
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
--
// Alejandro //
More information about the Freeradius-Users
mailing list