Cut domain from username

Алексей Морозенко alexmorozenko at gmail.com
Mon Aug 13 16:59:03 CEST 2018


Hi to all.
I've set up FreeRADIUS(3.0.17)+LDAP(FreeIPA) and everything works..
..but some people put domain in their's login (like username at domain.com or
even username at gmail.com)
Authorization succeds (because of use of Stripped-User-Name) but I see
username at domain.com logins in my Wifi console.
Another issue is that FreeRADIUS proxies acct requests to the gateway where
group based policy is applied. There is no username at domain.com in LDAP,
just username, so I have empty group and minimal access
Of course, I can administratively prohibit logins with @domain.com (filter
policy), but maybe there is more elegant way to just convert User-Name
in Stripped-User-Name regardless of user input?
Thanks in advance.
--
Best regards, Alex Morozenko


More information about the Freeradius-Users mailing list