Policy to split domain and host

2013-08-16 Thread nicolas . clo 

Hi list,

I'm searching the best way to configure a policy to split the domain and the 
prefix ' /host' when it
is a computer connection.

The initial UserName is like this:

host/computername.DOMAIN.LOCAL

I can already easily split the /host by policy and realm configuration but I 
don't know how I can do
when there is double
delimiter in the same UserName ?

Thanks for your reply.

 
  __ 
 


   
  Nicolas CLO  
  Industrial and Network Technician
  ITS Section  
   



   
  RICOH INDUSTRIE FRANCE SAS   
  144, route de Rouffach, 68920 WETTOLSHEIM
  Tel: +33 (0) 3 89 20 48 84   
  nicolas@ricoh-industrie.fr  |  www.ricoh-thermal.com 
   






inline: 0E069074.gifinline: 0E984006.jpg-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Policy to split domain and host

2013-08-16 Thread Phil Mayers 

On 08/16/2013 08:24 AM, nicolas@ricoh-industrie.fr wrote:

Hi list,

I'm searching the best way to configure a policy to split the domain
and the prefix ' /host' when it is a computer connection.


You probably don't want to do this.

Instead, you probably want to use the expansion:

%{mschap:User-Name}

...which correctly transforms:

host/name.domain.com

...to:

name$

...which is the correct form of the samaccountname for an AD computer 
account, which is I assume what you're dealing with.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Policy to split domain and host

2013-08-16 Thread nicolas . clo 

Nice, thanks

But in this case, how to tell Freeradius to use this variable when it's a host 
connection ?
Because, I had already split User-Name variable into Stripped-User-name and use 
that into post-auth
section to log correct syntax user.
So if I tell Freeradius to used variable %{mschap:User-Name}, I think it will 
be logging original
request UserName, no ?

How to define a second post auth request when it's a host ?

For example, I want the Stripped-UserName into sql postauth table when it's a 
user and the variable
%{mschap:User-Name} when i'ts a host connection.

Thanks.


Nicolas CLO



On 08/16/2013 08:24 AM, nicolas@ricoh-industrie.fr wrote:
 Hi list,

 I'm searching the best way to configure a policy to split the domain
 and the prefix ' /host' when it is a computer connection.

You probably don't want to do this.

Instead, you probably want to use the expansion:

%{mschap:User-Name}

...which correctly transforms:

host/name.domain.com

...to:

name$

...which is the correct form of the samaccountname for an AD computer
account, which is I assume what you're dealing with.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html