LDAP AD and SAMCompatibleName
David B Funk
dbfunk at engineering.uiowa.edu
Tue Mar 19 03:00:33 UTC 2024
On Tue, 19 Mar 2024, Andrei Katsuk wrote:
>> Are you sure about that 'SAMCompatibleName' attribute name? Our AD forest only
>> has 'sAMAccountName' and it doesn't contain the "REALM\" part of the value only
>> "sAMAccountName=user".
>
>
> You are right, there is no SAMCompatibleName attribute and
> sAMAccountName contains only username.
> SAMCompatibleName is just the format of a legacy account name (example
> REALM\user, where REALM is netbios name)
> It seems we can not use a simple filter in this case but maybe there
> are some other ways ?
>
> Thanks,
> Andrei
Could you get people to use "username@REALM" syntax instead of "REALM\username"?
There's code in Radius land to deal with "username@something".
Alternatively, if all your users are going to be in the same "REALM\", you could
add a local unlang snippet to test for your expected "REALM\", strip it off, and
then test the "username" via sAMAccountName.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
More information about the Freeradius-Users
mailing list