Alan DeKok a écrit :
Thanks for your answers.
[EMAIL PROTECTED] wrote:
Hello,
The problem is when a computer tries to authenticate, the User-Name sent
is "host//computername/", but in ldap we have entrie like
/computername/$. So we have some attr_rewrite that removes host/ and
adds the dollar sign.
Why? You can just create a *new* attribute, Stripped-User-Name, with
the updated contents. Then, configure the ldap module to look first for
Stripped-User-Name, and then User-Name:
foo = "... %{Stripper-User-Name:%{User-Name}} ..."
See doc/variables.txt
In the radiusd.conf config file, the %{Stripped-User-Name} is correctly
created from %{User-Name}.
%{User-Name} looks like "host/computername" and is not modified,
%{Stripped-User-Name} looks like "computername$"
In the ldap module, it is %{Stripped-User-Name} that is used.
rlm_ldap finds correctly the entry, but EAP
complains about the user name change: "*rlm_eap: Identity does not match
User-Name, setting from EAP Identity.**
rlm_eap: Failed in handler"
Then... don't edit the User-Name. There's no need to edit it.
Alan DeKok.
I have made some tests with and without the %{User-Name} change, but
nothing helps
I have another question: How does the EAP/MSCHAPV2 authentication work ?
which username/password couples does it take ? and with which database
does it compare to ?
Regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ce message et toutes les pièces jointes sont établis à l'attention exclusive de
leurs destinataires et sont confidentiels. Si vous recevez ce message par
erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur.
L'internet ne permettant pas d'assurer l'intégrité de ce message, le contenu de
ce message ne représente en aucun cas un engagement de la part de Adeo Services.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
