My FR server is successfully receiving Access-Requests from my wifi AP (XP supplicant) using PEAP/EAP-TLS. However, the received User-Name is formatted "Domain\\User". I have read the docs regarding realms and proxy.conf and believe the following should work:
(In radiusd.conf) realm MY-DOMAIN-NAME { format = prefix delimiter = "\\" ignore_default = yes ignore_null = yes } (In proxy.conf) realm DEFAULT { type = radius authhost = LOCAL accthost = LOCAL } I have also tried "realm MY-DOMAIN-NAME" rather than "DEFAULT" in proxy.conf with no difference. "with_ntdomain_hack" is set to "no" wherever referenced, as it is my understanding using the realms module is the preferred method (?) My ldap filter is: filter = "(sAMAccountName=%u)" and running with "-X" I get the following: rad_recv: Access-Request packet from host 192.168.12.231:2057, id=0, length=156 User-Name = "MY-DOMAIN-NAME\\username" NAS-IP-Address = 192.168.12.231 Called-Station-Id = "000d0b6b9250" Calling-Station-Id = "000e356529b4" NAS-Identifier = "000d0b6b9250" NAS-Port = 56 Framed-MTU = 1400 State = 0x9eafe6f8023c0c59423b42f6c92b96f4 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0xc8ce70994f2aba8a00f4ba8561979c20 ... then ... rlm_ldap: - authorize rlm_ldap: performing user authorization for MY-DOMAIN-NAME\\username radius_xlat: '(sAMAccountName=MY-DOMAIN-NAME)' radius_xlat: 'CN=Users,DC=mydomain,DC=branch,DC=corp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in CN=Users,DC=mydomain,DC=branch,DC=corp, with filter (sAMAccountName=MY-DOMAIN-NAME) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed Authenticating via (hard-wired) telnet works as expected and %u contains the username without any domain prefix, of course. A suggestion as to what I may have missed would be appreciated. TIA, Laker __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html