Re: Problems with User-Name/Stripped-User-Name
Erling Paulsen wrote: Only that, if there is a 'Stripped-User-Name' attribute in the request, it seems that the server automatically uses this instead of 'User-Name' when proxying. Ah, yes. I didn't know the server does that. Question for Alan: in src/main/proxy.c should we check the value of realm.striprealm before overwriting the User-Name with the Stripped-User-Name? I fixed it a little dirty by rewriting the stripped username to the 'Hint' attribute - using %{Hint} in the ldap filter, and then 'User-Name' can be used in all its full glory for EAP proxy to the remote server. If I ever must use the Hint attr I will remake a better solution. You could add an additional attribute at the end of /etc/raddb/dictionnary for that purpose. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with User-Name/Stripped-User-Name
Nicolas Baradakis [EMAIL PROTECTED] wrote: Question for Alan: in src/main/proxy.c should we check the value of realm.striprealm before overwriting the User-Name with the Stripped-User-Name? Sure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with User-Name/Stripped-User-Name
Hello. Is it possible to have the stripped username stored somewhere, even if I set 'nostrip' for a realm in proxy.conf? My setting is this, and this is the only problem I have left on my server: 01 I have a realm example.com, and this realm has 'nostrip' in it's definition in proxy.conf 02 If I detect it's an EAP request I proxy it to another realm (in the users file) and this works great - as '[EMAIL PROTECTED]'. 03 If it's not an EAP request I want the local LDAP module to handle the request, just that I now need the stripped username, and the realm has already made it 'nostrip'. Here I want just 'user' instead of '[EMAIL PROTECTED]'. If I change the filter in the LDAP module to match on %{Stripped-User-Name}, then this is offcourse empty. It would be nice to %have some way to make both User-Name and Stripped-User-Name exist at the %same time. If I remove the 'nostrip' from the realm it works for local ldap module handling but not for proxy to remote server for EAP, because that server requires the full non-stripped username. Any hints as to fix this little problem? - Erling -- |sig|--- [EMAIL PROTECTED] Nettseksjonen, ITavd UiT - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with User-Name/Stripped-User-Name
Erling Paulsen wrote: Is it possible to have the stripped username stored somewhere, even if I set 'nostrip' for a realm in proxy.conf? You can create the attribute Stripped-User-Name with an other module than rlm_realm. For example, you could have in radiusd.conf: modules { attr_rewrite copy.user-name { attribute = Stripped-User-Name new_attribute = yes searchin = packet searchfor = replacewith = %{User-Name} } attr_rewrite strip.user-name { attribute = Stripped-User-Name new_attribute = no searchin = packet searchfor = @.*$ replacewith = max_matches = 1 } ... } authorize { copy.user-name strip.user-name ... } -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html