Policy to split domain and host
Hi list, I'm searching the best way to configure a policy to split the domain and the prefix ' /host' when it is a computer connection. The initial UserName is like this: host/computername.DOMAIN.LOCAL I can already easily split the /host by policy and realm configuration but I don't know how I can do when there is double delimiter in the same UserName ? Thanks for your reply. __ Nicolas CLO Industrial and Network Technician ITS Section RICOH INDUSTRIE FRANCE SAS 144, route de Rouffach, 68920 WETTOLSHEIM Tel: +33 (0) 3 89 20 48 84 nicolas@ricoh-industrie.fr | www.ricoh-thermal.com inline: 0E069074.gifinline: 0E984006.jpg- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Policy to split domain and host
On 08/16/2013 08:24 AM, nicolas@ricoh-industrie.fr wrote: Hi list, I'm searching the best way to configure a policy to split the domain and the prefix ' /host' when it is a computer connection. You probably don't want to do this. Instead, you probably want to use the expansion: %{mschap:User-Name} ...which correctly transforms: host/name.domain.com ...to: name$ ...which is the correct form of the samaccountname for an AD computer account, which is I assume what you're dealing with. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Policy to split domain and host
Nice, thanks But in this case, how to tell Freeradius to use this variable when it's a host connection ? Because, I had already split User-Name variable into Stripped-User-name and use that into post-auth section to log correct syntax user. So if I tell Freeradius to used variable %{mschap:User-Name}, I think it will be logging original request UserName, no ? How to define a second post auth request when it's a host ? For example, I want the Stripped-UserName into sql postauth table when it's a user and the variable %{mschap:User-Name} when i'ts a host connection. Thanks. Nicolas CLO On 08/16/2013 08:24 AM, nicolas@ricoh-industrie.fr wrote: Hi list, I'm searching the best way to configure a policy to split the domain and the prefix ' /host' when it is a computer connection. You probably don't want to do this. Instead, you probably want to use the expansion: %{mschap:User-Name} ...which correctly transforms: host/name.domain.com ...to: name$ ...which is the correct form of the samaccountname for an AD computer account, which is I assume what you're dealing with. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html