LDAP AD and SAMCompatibleName

Alan DeKok aland at deployingradius.com
Wed Mar 20 02:42:24 UTC 2024


On Mar 20, 2024, at 12:33 PM, Andrei Katsuk <steep8 at gmail.com> wrote:
> What if the user enters the wrong REALM (for example we expect
> EXAMPLE\bob but the user writes WRONG\bob ) ?
> Will the user be authenticated in this case?

  Of course not.  FreeRADIUS doesn't randomly authenticate users.

  The point of configuring the "realm" module and the sample "realm foo { ... }" configurations was to define those as known quantities.  Other realms won't be known, and therefore won't work.

  You could test this yourself in 5 minutes by trying it, and reading the debug outputs.

> I want to reject
> authentication in this case.
> Also rlm_ldap supports several ldap servers and it seems we can not
> just compare all REALMs with known constants.

  I have no idea what that means.

  If you want to define known realms, I've shown you the template for how to do that.  If you want the server to authenticate other realms, then please explain that requirement in detail.

  What isn't helpful is the "peek a boo" approach of gradually explaining more requirements across multiple messages.  Explain what you want to. Be specific.

  It is much more difficult to help people when the requirements are vague and changing. 

  Alan DeKok.


