Cut domain from username
Alan Buxey
alan.buxey at gmail.com
Mon Aug 13 18:10:29 CEST 2018
don't play with user-name - just ensure that you are logging the stripped
username and that you are, for acct, proxying the stripped name
alan
On 13 August 2018 at 15:59, Алексей Морозенко <alexmorozenko at gmail.com>
wrote:
> Hi to all.
> I've set up FreeRADIUS(3.0.17)+LDAP(FreeIPA) and everything works..
> ..but some people put domain in their's login (like username at domain.com or
> even username at gmail.com)
> Authorization succeds (because of use of Stripped-User-Name) but I see
> username at domain.com logins in my Wifi console.
> Another issue is that FreeRADIUS proxies acct requests to the gateway where
> group based policy is applied. There is no username at domain.com in LDAP,
> just username, so I have empty group and minimal access
> Of course, I can administratively prohibit logins with @domain.com (filter
> policy), but maybe there is more elegant way to just convert User-Name
> in Stripped-User-Name regardless of user input?
> Thanks in advance.
> --
> Best regards, Alex Morozenko
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list