--On Saturday, 22 July 2006 11:19 +0200 Krämer Armin <[EMAIL PROTECTED]> wrote:

Thanks, i tried out this now and got the following warning:


rlm_ldap: performing user authorization for host/notebook-armin
Sat Jul 22 12:25:24 2006 : Debug: WARNING: Attempt to use unknown xlat
function, or non-existent attribute in string %{mschap:User-Name}
Sat Jul 22 12:25:24 2006 : Debug: radius_xlat:
'(&(uid=)(objectclass=radiusprofile))'
Sat Jul 22 12:25:24 2006 : Debug: radius_xlat:
'ou=users,ou=radius,dc=ak-server,dc=de'


And the search finishes with "NOT FOUND"


rlm_ldap: waiting for bind result ...
Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: Bind was successful
Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: performing search in
ou=users,ou=radius,dc=ak-server,dc=de, with filter
(&(uid=)(objectclass=radiusprofile))
Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: object not found or got
ambiguous search result
Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: search failed


Any idea fort this? Looks like the searchString is complete emty now??

I made an LDAP Entry which looks like " uid=host/notebook-armin$ "

Thanks for answering!

Greetings

Armin





-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] Im Auftrag von James J J Hooper
Gesendet: Samstag, 22. Juli 2006 10:31
An: FreeRadius users mailing list
Betreff: Re: Since 2 Month noone any idea how to do this ? Stripping
Username Question *important*



--On Saturday, 22 July 2006 09:23 +0200 Krämer Armin
<[EMAIL PROTECTED]>  wrote:


Hi,

im working with machine authentication and EAP-TLS Zertifikates.

When a machine authenticates  I get the name of the mchine like
"host/250-IT"  and the search String on LDAP is like "host/250-IT".

I nee the searchString at LDAP like 250-IT$. How can I strip away that
host/ and add $ for the search at the LDAP Directory?


In your LDAP section of radiusd.conf, replace this:
%{Stripped-User-Name:-%{User-Name}}
with this:
%{Stripped-User-Name:-%{mschap:User-Name}}

Regards,
   James


Sorry, what i suggested may only work in the mschap section, not in the LDAP bit... :(


James.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to