On 03/15/2013 10:47 PM, Matthew Ceroni wrote:
Well I found something that appears to work. I used the hints file. And
it correctly stripped off the host/ and domain.local.
However now I get the error
[eap] Identity does not match User-Name, setting from EAP Identity
[eap] Failed in handler
Modifying the "User-Name" attribute is a bad idea. It will, as you have
seen, break EAP.
Use another attribute - maybe define your own local one (see
raddb/dictionary and pay attention to the comments about numbering).
You were previously using Stripped-User-Name - just keep using that, and
move the "unlang" you wrote to the top of the "authorize" section i.e.:
authorize {
if (User-Name =~ /^h.../) {
...
}
...
}
One other alternative is to leave the username alone, and use the xlat
provided by the mschap module; specifically this:
%{mschap:User-Name}
...will expand this:
host/name.domain.com
...to this:
name$
Note the trailing dollar sign, which is windows-speak for "machine
account". This is required if, for example, you use Samba/ntlm_auth,
which requires "--username=host$" as the CLI argument.
I'm not sure what any of this has to do with the subject line, btw...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
