On 01/09/2013 08:42 PM, Matthew Ceroni wrote:
> It appears that when Windows sends the username it sends it as
> DOMAIN\\username.
>
> The \\ causes the 5c to appear in the username. I confirmed this by
> using the radtest tool and specifying the username as DOMAIN\\username.
> A single \ causes the username to appear as DOMAINusername so that is
> why double \\ are required.

No, you're misunderstanding what is going on.

"\" is the string escape character, e.g. "\n" is "newline", "\t" is tab, etc. So putting a "\" in a quoted string needs "\\". FreeRADIUS in debug mode is printing the same thing you would have to type.

That is, Windows is only sending "DOMAIN\username".

"\" is then LDAP-escaped to \5c as per normal LDAP escaping rules.

As to why it's not working - I seriously doubt that you actually have:

sAMAccountNAme: DOMAIN\user

...in Active Directory. Are you sure this is what you have?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
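
The two escaping layers discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: debug_quote models how a debug log prints a quoted string, and ldap_filter_escape applies RFC 4515 filter escaping. The helper names and the sample username are constructed for illustration.

```python
import re

# RFC 4515 filter escaping: each special character becomes "\" + two hex digits.
_LDAP_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def debug_quote(value):
    """Model of a debug log printing a quoted string: a literal backslash is doubled."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def ldap_filter_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_SPECIAL.get(ch, ch) for ch in value)

def ldap_filter_unescape(value):
    """Undo RFC 4515 escaping: the literal value the directory server compares."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def split_domain(user_name):
    """Split 'DOMAIN\\user' into (domain, user); domain is None without a prefix."""
    domain, sep, user = user_name.partition("\\")
    return (domain, user) if sep else (None, user_name)

def build_filter(account):
    """Hypothetical helper: search filter on sAMAccountName for one account value."""
    return "(sAMAccountName=%s)" % ldap_filter_escape(account)

def trace(wire_value):
    """Show one User-Name value at each layer discussed in the thread."""
    _, bare = split_domain(wire_value)
    return {
        "wire_length": len(wire_value),
        "debug_log": debug_quote(wire_value),
        "filter_as_sent": build_filter(wire_value),
        "server_compares": ldap_filter_unescape(ldap_filter_escape(wire_value)),
        "filter_bare_name": build_filter(bare),
    }

if __name__ == "__main__":
    # Constructed sample: the value on the wire contains ONE backslash.
    for layer, shown in trace("DOMAIN\\username").items():
        print("%-16s %s" % (layer, shown))
```

Which of the two filters matches depends on what the sAMAccountName attribute actually holds in the directory.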
