Michael,

Unfortunately, the "with_ntdomain_hack" will indeed break proper eap
checking.  There is another way to accomplish what you're wanting though
while keeping the security that patch provides.  Instead of using
with_ntdomain_hack, try this.  If you're just wanting to completely
discard the domain portion, try setting the hints file with the
following:

DEFAULT Prefix = "<YOUR_DOMAIN>\", Strip-User-Name = Yes
        Hint = <YOUR_DOMAIN>

Then you can use the Stripped-User-Name attribute in your authorization
checks.  This will also leave the original User-Name attribute alone, so
it will match the EAP Identity (as it should).

If, on the other hand, you're wanting to know the domain, try setting up
prefix realms to match the domains and use the \ character as the
delimiter.  This way, you will also have the Stripped-User-Name
attribute to check on as above while leaving the original User-Name as
is (and therefore matching the EAP Identity).

It's better to work with the security code than to remove it. :)

-- 

--Mike
 
----------------------------------
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas

On Fri, 2004-01-16 at 17:32, Michael Gernoth wrote:
> The report was from a CVS checkout this morning. I just did a
> cvs update and recompiled, but it did not solve the problem.
> When looking at eap.c, your patch from November is already
> applied.
> 
> After commenting the offending part out (and fixing PEAP), I
> get authenticated...
> Below is what I did to get it working.
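
Added example (not part of either message above, and not FreeRADIUS code): a small Python model of the two approaches in the reply, showing why keeping User-Name intact and authorizing on Stripped-User-Name still passes an identity check, while rewriting User-Name in place does not. The "EAP-Identity" field, the exact-match form of the check, the function names and the EXAMPLE\alice request are all assumptions made for illustration.

```python
# Constructed model of the two approaches in the message; not FreeRADIUS code.
# "EAP-Identity" is a hypothetical field holding the identity from the EAP exchange.
DELIM = "\\"

def strip_prefix_hint(req, prefix, hint):
    """Hints-style entry: Prefix = prefix, Strip-User-Name = Yes, Hint = hint."""
    out = dict(req)
    user = req["User-Name"]
    if user.startswith(prefix) and len(user) > len(prefix):
        out["Stripped-User-Name"] = user[len(prefix):]  # User-Name untouched
        out["Hint"] = hint
    return out

def split_prefix_realm(req, delimiter=DELIM):
    """Prefix realm: text before the delimiter is the realm (the domain)."""
    out = dict(req)
    realm, sep, rest = req["User-Name"].partition(delimiter)
    if sep and realm and rest:
        out["Realm"] = realm
        out["Stripped-User-Name"] = rest
    return out

def overwrite_user_name(req, delimiter=DELIM):
    """Contrast case: the domain is removed from User-Name itself."""
    out = dict(req)
    out["User-Name"] = req["User-Name"].rpartition(delimiter)[2]
    return out

def eap_identity_matches(req):
    """Assumed form of the check: User-Name must equal the EAP identity."""
    return req["User-Name"] == req["EAP-Identity"]

def authz_name(req):
    """Name to use in authorization checks."""
    return req.get("Stripped-User-Name", req["User-Name"])

# Constructed sample request.
SAMPLE = {"User-Name": "EXAMPLE\\alice", "EAP-Identity": "EXAMPLE\\alice"}

if __name__ == "__main__":
    for fn in (lambda r: strip_prefix_hint(r, "EXAMPLE\\", "EXAMPLE"),
               split_prefix_realm, overwrite_user_name):
        r = fn(SAMPLE)
        print(authz_name(r), r.get("Realm"), eap_identity_matches(r))
```
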


