Change username for MSCHAPv2
Gabriele Verzeletti
gabriele at verzeletti.org
Fri Jun 30 17:53:19 CEST 2017
Hello, I have FreeRADIUS 3.0.10-1.1 running on openSUSE Leap.
I need to authenticate users for WiFi access (WPA2 Enterprise), using PEAP
and MSCHAPv2 against Active Directory.
User accounts are identified by userPrincipalName, but ntlm_auth is not
able to authenticate using this attribute; it looks at sAMAccountName.
With an external script I'm able to perform a query on Active Directory
and retrieve the sAMAccountName, but if I update the attribute User-Name
using
    authorize {
        update request {
            User-Name := `/path/to/my/script '%{User-Name}'`
        }
        ..
        ..
        ..
I get an error in the log:
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) eap: Identity does not match User-Name, setting from EAP Identity
(0) eap: Failed in handler
(0) [eap] = invalid
(0) } # authenticate = invalid
Is there any way to perform this account translation before sending the
request to EAP?
Thanks to all
Gab
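
Added example, not part of the original post and not FreeRADIUS code: a sketch of the lookup side of such a translation script. The User-Name it receives is chosen by the client before authentication, so the sketch validates it and escapes it before it reaches an LDAP filter. All function names, the `search` callable and the sample directory are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Conservative UPN shape (assumption: adjust to the naming rules of your directory).
_UPN_RE = re.compile(r"[A-Za-z0-9._'-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def escape_filter_value(value):
    """Escape a string for use as the value part of an LDAP filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def upn_filter(user_name):
    """Return the lookup filter, or None when the input is not UPN-shaped."""
    if not _UPN_RE.fullmatch(user_name):
        return None
    # Escaping is kept even after validation, as a second layer.
    return "(&(objectClass=user)(userPrincipalName=%s))" % escape_filter_value(user_name)


def sam_from_entries(entries):
    """Accept exactly one matching entry with exactly one sAMAccountName."""
    if len(entries) != 1:
        return None
    values = entries[0].get("sAMAccountName", [])
    return values[0] if len(values) == 1 else None


def translate(user_name, search):
    """search(filter) -> list of entry dicts; hypothetical wrapper around your LDAP client."""
    flt = upn_filter(user_name)
    return None if flt is None else sam_from_entries(search(flt))


# Constructed sample data standing in for Active Directory.
SAMPLE_DIRECTORY = {
    "(&(objectClass=user)(userPrincipalName=alice@example.org))":
        [{"sAMAccountName": ["alice01"]}],
}


def sample_search(flt):
    return SAMPLE_DIRECTORY.get(flt, [])


if __name__ == "__main__":
    for name in ("alice@example.org", "*)(sAMAccountName=*", "nobody@example.org"):
        print(repr(name), "->", translate(name, sample_search))
```

A script built this way should fail closed (no output, non-zero exit) when `translate` returns None, so an unmatched or malformed name never reaches ntlm_auth.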