Authentication issues

David le Roux david.leroux at miller.co.uk
Tue Jun 21 14:39:07 UTC 2022


>> Thanks Michael,
>>
>>> You have to configure your new RADIUS server to ignore the "host/" realm.
>>
>> How do I do that? I've tried several solutions but none seem to work.
>
> See the FAQ for "I tried to do stuff, and it didn't work".

Which FAQ?

>  What did you do?  What happened?

I won't have all the details anymore and it would probably just be a list of "how-not-to-do-this" examples anyway. What happened was that nothing changed and the errors reported the same issue.

>  The server gives MANY ways to re-write attributes, to copy attributes, and to reference them.

I just need one way to get rid of the host/ portion. The old server uses an attr_rewrite module but that is now deprecated.

This is what the old server uses:

        attr_rewrite findthewlan {
                attribute = Called-Station-Id
                # may be "packet", "reply", "proxy", "proxy_reply" or "config"
                searchin = packet
                searchfor = "(^.*:)(.*)"
                replacewith = "%{2}"
                ignore_case = no
                new_attribute = no
        #       max_matches = 10
        #       ## If set to yes then the replace string will be appended to the original string
                append = no
        }

        attr_rewrite copyusertocertcn {
                attribute = Cert-CN
                new_attribute = yes
                searchfor = ""
                searchin = packet
                replacewith = "%{User-Name}"
        }

        attr_rewrite removehostportion {
                attribute = Cert-CN
                # may be "packet", "reply", "proxy", "proxy_reply" or "config"
                searchin = packet
                searchfor = "(host/)(.*)"
                replacewith = "%{2}"
                ignore_case = no
                new_attribute = no
        #       max_matches = 10
        #       ## If set to yes then the replace string will be appended to the original string
                append = no
        }

>  You've set "check_cert_cn" in mods-available/eap.
>
>  Can you think of any way to have that refer to another attribute?

No. Does it even need to be there?

>  Can you think of any way to copy the User-Name to another attribute?  Perhaps with editing?

You've lost me. Why would I want to copy the User-Name to another attribute? What am I achieving?

> The server comes with extensive documentation and debugging.  This problem *is* solvable, if you follow a careful process.

I'm doing my best and still getting lost. There might be extensive documentation but I haven't yet found what I'm looking for.

>  Alan DeKok.
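The intent of the three attr_rewrite instances quoted in the message above, written as unlang policies for a FreeRADIUS 3.x server. This is an added example, not configuration from the poster or from the FreeRADIUS project. The file name, the reuse of the old instance names as policy names, the 3.x target version, and the choice of Stripped-User-Name as the target attribute are assumptions.

```unlang
# policy.d/legacy_rewrite   (hypothetical file name; added example)
#
# Files in policy.d are read inside the "policy { }" section, so each
# block below defines a policy that can be listed by name in "authorize".

# Old "findthewlan": searchfor "(^.*:)(.*)", replacewith "%{2}".
# Keeps only the text after the last colon of Called-Station-Id.
# A value with no colon does not match and is left unchanged.
findthewlan {
	if (&Called-Station-Id =~ /^.*:(.*)$/) {
		update request {
			&Called-Station-Id := "%{1}"
		}
	}
}

# Old "copyusertocertcn" + "removehostportion" combined: copy User-Name
# into a second attribute and drop a leading "host/" while copying.
# Assumption: Stripped-User-Name is used as the copy instead of the old
# Cert-CN attribute, and the match is anchored with ^ (the old
# "(host/)(.*)" pattern was not anchored).
removehostportion {
	if (&User-Name =~ /^host\/(.*)$/) {
		update request {
			&Stripped-User-Name := "%{1}"
		}
	}
	else {
		# No "host/" prefix: copy the name unchanged so the
		# attribute always exists for later checks.
		update request {
			&Stripped-User-Name := &User-Name
		}
	}
}

# Usage (assumption): list both policies in "authorize" before "eap":
#
#	authorize {
#		findthewlan
#		removehostportion
#		eap
#	}
#
# check_cert_cn in mods-available/eap can then reference the copy,
# for example "%{Stripped-User-Name}", rather than "%{User-Name}".
```

User-Name itself is left untouched, so the outer identity still matches what the supplicant sent; only the copy used for the certificate comparison loses the prefix.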