Serge van Namen <svna...@snow.nl> wrote: > > I accomplished to strip the username, it authenticates successfully against > LDAP. > But eventually it fails on EAP I think, because the username isn't the > original from the request. > > [snipped] > users: Matched entry DEFAULT at line 7 > modcall[authorize]: module "files" returns ok for request 3 > What does this do?
You must not change User-Name at all...I suspect somewhere in your configuration you are doing so to try to fix another problem. If you want the User-Name to be realmless then use Stripped-User-Name or use unlang to populate something like Tmp-String-0. > rlm_ldap: - authorize > rlm_ldap: performing user authorization for userA > radius_xlat: '(uid=userA)' > radius_xlat: 'ou=y,ou=people,dc=example,dc=com' > What are you xlat'ing? Can we see your configuration? Are you using ldap xlat to set User-Name? If so, don't! Cheers -- Alexander Clouter .sigmonster says: fortune: not found - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html