Re: EAP-TLS - About username sent by supplicant

2007-12-14 Thread Alexism 

Hello,

I have the same problem but this procedure don't work in my environment
(FREERADIUS, OpenLDAP, SAMBA).

I have this eap error : rlm_eap: Identity does not match User-Name, setting
from EAP Identity.
  rlm_eap: Failed in handler

Can you send me your radiusd.conf ?

Regards



OLIVER Patrice wrote:
> 
> Hello,
> 
> It works, thanks. :)
> 
> Regards.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> To: FreeRadius users mailing list 
> Date: Fri, 14 Dec 2007 09:39:08 +
> Subject: Re: EAP-TLS - About username sent by supplicant
> 
>> Hi,
>> 
>> > My question deals with the username sent by the supplicant when the
>> authentication goes on. At
>> boot
>> > time, the username sent is : host/user_name. After the login, the
>> username sent is : user_name.
>> So, I
>> > have to create 2 users. I want to cut 'host/' to make this task easier.
>> It is possible ? How do I
>> do this ?
>> 
>> attr_filter or somesuch eg put these into radiusd.conf
>> 
>> attr_rewrite copy-user-name {
>> attribute = Stripped-User-Name
>> new_attribute = yes
>> searchfor = ""
>> searchin = packet
>> replacewith = "%{User-Name}"
>> }
>> 
>> attr_rewrite remove-host {
>> attribute = Stripped-User-Name
>> searchfor = "^(host/.*)"
>> searchin = packet
>> new_attribute = no
>> replacewith = "%{1}"
>> }
>> 
>> and then call these 2 functions in your authorize section
>> (radiusd.conf or sites-enabled/wherever (for FR 2.0) )
>> 
>> copy-user-name
>> remove-host
>> 
>> just before the other modules are called - eg chap, auth_log etc etc
>> 
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: 
http://www.nabble.com/EAP-TLS---About-username-sent-by-supplicant-tp14331648p14334549.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TLS - About username sent by supplicant

2007-12-14 Thread OLIVER Patrice 
Hello,

It works, thanks. :)

Regards.

-Original Message-
From: [EMAIL PROTECTED]
To: FreeRadius users mailing list 
Date: Fri, 14 Dec 2007 09:39:08 +
Subject: Re: EAP-TLS - About username sent by supplicant

> Hi,
> 
> > My question deals with the username sent by the supplicant when the 
> > authentication goes on. At
> boot
> > time, the username sent is : host/user_name. After the login, the username 
> > sent is : user_name.
> So, I
> > have to create 2 users. I want to cut 'host/' to make this task easier. It 
> > is possible ? How do I
> do this ?
> 
> attr_filter or somesuch eg put these into radiusd.conf
> 
> attr_rewrite copy-user-name {
> attribute = Stripped-User-Name
> new_attribute = yes
> searchfor = ""
> searchin = packet
> replacewith = "%{User-Name}"
> }
> 
> attr_rewrite remove-host {
> attribute = Stripped-User-Name
> searchfor = "^(host/.*)"
> searchin = packet
> new_attribute = no
> replacewith = "%{1}"
> }
> 
> and then call these 2 functions in your authorize section
> (radiusd.conf or sites-enabled/wherever (for FR 2.0) )
> 
> copy-user-name
> remove-host
> 
> just before the other modules are called - eg chap, auth_log etc etc
> 
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TLS - About username sent by supplicant

2007-12-14 Thread A . L . M . Buxey 
Hi,

> My question deals with the username sent by the supplicant when the 
> authentication goes on. At boot
> time, the username sent is : host/user_name. After the login, the username 
> sent is : user_name. So, I
> have to create 2 users. I want to cut 'host/' to make this task easier. It is 
> possible ? How do I do this ?

attr_filter or somesuch eg put these into radiusd.conf

attr_rewrite copy-user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor = ""
searchin = packet
replacewith = "%{User-Name}"
}

attr_rewrite remove-host {
attribute = Stripped-User-Name
searchfor = "^(host/.*)"
searchin = packet
new_attribute = no
replacewith = "%{1}"
}

and then call these 2 functions in your authorize section
(radiusd.conf or sites-enabled/wherever (for FR 2.0) )

copy-user-name
remove-host

just before the other modules are called - eg chap, auth_log etc etc

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html