Re: [PacketFence-users] Stripped User-name manipulation

Tim DeNike Wed, 03 Jul 2013 05:12:49 -0700

Ended up having to proxy the @domain.name to NPS RADIUS and change
packetfence virtual server to still run post-auth scripts on it.



DOMAIN\username, username, and usern...@domain.name all work and report
under username in packetfence.


On Tue, Jul 2, 2013 at 10:47 AM, Francois Gaudreault <
fgaudrea...@cloudops.com> wrote:

> That's why you can do it in radius/custom.pm ;)
>
> FG
>
> On 2013-07-02 10:39 AM, Tim DeNike wrote:
> > I'm sure I could do it there. But I like to keep upgrades as easy as
> > possible.  :)
> >
> > Sent from my iPhone
> >
> > On Jul 2, 2013, at 10:00 AM, Francois Gaudreault
> > <fgaudrea...@cloudops.com <mailto:fgaudrea...@cloudops.com>> wrote:
> >
> >> That might be easier to do within the pf code instead of FR.  If I am
> >> right, look at radius.pm <http://radius.pm>
> >>
> >> FG
> >>
> >> On 2013-07-02 8:28 AM, "Tim DeNike" <tim.den...@mcc.edu
> >> <mailto:tim.den...@mcc.edu>> wrote:
> >>
> >>     Easier said than done when Windows automagically authenticates as
> >>     Domain\\username, and the machine doesnt send the domain\\
> >>     component, and you need users to get in the habit of using
> >>     u...@domain.com <mailto:u...@domain.com> in preparation for a
> >>     federated deployment and want all user activity to be under one
> >>     account in packet-fence.
> >>
> >>     As it sits right now, i can make it work, but i end up with 2
> >>     users per user in PF.  username and DOMAIN\\username both show up
> >>     under username.  but username@domain shows up as username@domain.
> >>
> >>     Ideally, id like to list our users as just username and users
> >>     from other domains that pass through PF to show as user@domain.
> >>
> >>
> >>     On Mon, Jul 1, 2013 at 8:34 PM, Francois Gaudreault
> >>     <fgaudrea...@cloudops.com <mailto:fgaudrea...@cloudops.com>> wrote:
> >>
> >>         If you play with username within RADIUS, that will break EAP.
> >>
> >>         People without domain are proxied to the default realm. So if
> >>         you see a
> >>         username without a domain in PF, just assume the default domain
> >>         associated with it... or tell the users to use the proper
> format.
> >>
> >>         FG
> >>
> >>         On 2013-07-01 9:38 AM, Tim DeNike wrote:
> >>         > Just an off-hand question here.  Can I take the stripped
> >>         user-name and
> >>         > ADD a domain to it?
> >>         >
> >>         > Say users are authenticating via 802.1x as DOMAIN\user or
> >>         just user
> >>         > (Which maps to the same realm), but I also want them to be
> >>         able to to
> >>         > auth as u...@domain.name <mailto:u...@domain.name>
> >>         <mailto:u...@domain.name <mailto:u...@domain.name>>.
> >>         >
> >>         > Id want to record all of it to one user in PF and it would
> >>         mesh more
> >>         > with other things we are doing if the users always authed
> >>         as their
> >>         > email address.
> >>         >
> >>         > That make sense?
> >>         >
> >>         >
> >>         >
> >>
> ------------------------------------------------------------------------------
> >>         > This SF.net <http://SF.net> email is sponsored by Windows:
> >>         >
> >>         > Build for Windows Store.
> >>         >
> >>         > http://p.sf.net/sfu/windows-dev2dev
> >>         >
> >>         >
> >>         > _______________________________________________
> >>         > PacketFence-users mailing list
> >>         > PacketFence-users@lists.sourceforge.net
> >>         <mailto:PacketFence-users@lists.sourceforge.net>
> >>         >
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >>
> >>
> >>         --
> >>         Francois Gaudreault
> >>         Architecte de Solution Cloud | Cloud Solutions Architect
> >>         fgaudrea...@cloudops.com <mailto:fgaudrea...@cloudops.com>
> >>         514-629-6775 <tel:514-629-6775>
> >>         - - -
> >>         CloudOps
> >>         420 rue Guy
> >>         Montréal QC  H3J 1S6
> >>         www.cloudops.com <http://www.cloudops.com>
> >>         @CloudOps_
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >>         This SF.net <http://SF.net> email is sponsored by Windows:
> >>
> >>         Build for Windows Store.
> >>
> >>         http://p.sf.net/sfu/windows-dev2dev
> >>         _______________________________________________
> >>         PacketFence-users mailing list
> >>         PacketFence-users@lists.sourceforge.net
> >>         <mailto:PacketFence-users@lists.sourceforge.net>
> >>         https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >>     This SF.net <http://SF.net> email is sponsored by Windows:
> >>
> >>     Build for Windows Store.
> >>
> >>     http://p.sf.net/sfu/windows-dev2dev
> >>     _______________________________________________
> >>     PacketFence-users mailing list
> >>     PacketFence-users@lists.sourceforge.net
> >>     <mailto:PacketFence-users@lists.sourceforge.net>
> >>     https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >>
> >>
> ------------------------------------------------------------------------------
> >> This SF.net <http://SF.net> email is sponsored by Windows:
> >>
> >> Build for Windows Store.
> >>
> >> http://p.sf.net/sfu/windows-dev2dev
> >> _______________________________________________
> >> PacketFence-users mailing list
> >> PacketFence-users@lists.sourceforge.net
> >> <mailto:PacketFence-users@lists.sourceforge.net>
> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> >
> >
> ------------------------------------------------------------------------------
> > This SF.net email is sponsored by Windows:
> >
> > Build for Windows Store.
> >
> > http://p.sf.net/sfu/windows-dev2dev
> >
> >
> > _______________________________________________
> > PacketFence-users mailing list
> > PacketFence-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Francois Gaudreault
> Architecte de Solution Cloud | Cloud Solutions Architect
> fgaudrea...@cloudops.com
> 514-629-6775
> - - -
> CloudOps
> 420 rue Guy
> Montréal QC  H3J 1S6
> www.cloudops.com
> @CloudOps_
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Stripped User-name manipulation

Reply via email to