[RADIATOR] Stripping out Domain

Zod Mansour zod at reachlocal.com
Wed Nov 18 14:34:00 CST 2009


That worked for me. Thanks. I also added:
RewriteUsername s/(.*)\@(.*)/$1/

for Realms. So I have:

RewriteUsername s/(.*)\\(.*)/$2/
RewriteUsername s/(.*)\@(.*)/$1/

thx,
zod

On Nov 17, 2009, at 11:38 PM, Hugh Irvine wrote:

>
> Hello Zod -
>
> The RewriteUsername can be either global, per Client, or per Handler.
>
> RewriteUsername is not supported in the AuthBy clause.
>
> So you should have this:
>
>
> <Handler Client-Identifier=LDAPCLIENT>
> 	RewriteUsername s/(.*)\\(.*)/$2/
> 	<AuthBy LDAP2>
> 		.....
> 	</AuthBy>
> </Handler>
>
>
> regards
>
> Hugh
>
>
> On 18 Nov 2009, at 06:28, Zod Mansour wrote:
>
>> Radiator 4.5
>> I am trying to strip out the Active Directory domain from the ldap
>> authentication but I am not succeeding.
>> How can I remove this RLCORP\ ?
>> Attributes:
>> 	User-Name = "RLCORP\hilla.shprung"
>> I am using:
>>   RewriteUsername s/(.*)\\(.*)/$2/
>>
>>
>>
>> radius.cfg:
>>
>> # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $
>>
>> #Foreground
>> #LogStdout
>> LogDir		/var/log/radius
>> DbDir		/etc/radiator
>> # Use a low trace level in production systems. Increase
>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>> Trace 		3
>>
>> #RewriteUsername s/(.*)\\(.*)/$1/
>> # You will probably want to add other Clients to suit your site,
>> # one for each NAS you want to work with
>> <Client DEFAULT>
>> 	Secret	testing123
>> 	DupInterval 0
>> 	Identifier LDAPCLIENT
>> </Client>
>>
>> #	<AuthBy FILE>
>> #		Filename %D/users
>> #		EAPType PEAP,TTLS,TLS,MD5,Generic-Token,LEAP,MSCHAP-V2,FAST
>> #	</AuthBy>
>> #	# Log accounting to a detail file
>> #	AcctLogFileName	%L/detail
>> <Handler Client-Identifier=LDAPCLIENT>
>> 	<AuthBy LDAP2>
>> 		RewriteUsername s/(.*)\\(.*)/$2/
>> 		Debug 255
>> 		EAPType PEAP,TTLS,TLS,MD5,Generic-Token,LEAP,MSCHAP-V2,FAST
>> 		EAPTLS_CAFile %D/cert/cacert.pem
>> 		EAPTLS_CertificateFile /etc/radiator/cert/server.key.pem
>> 		EAPTLS_PrivateKeyFile %D/cert/radius.key
>> 		EAPTLS_CertificateType PEM
>> 		ServerChecksPassword
>> 		NoDefault
>> 		Host localhost
>> 		Port 389
>> 		BaseDN dc=reachlocal,dc=com
>>             # see /etc/openldap/slapd.conf
>> 		AuthDN          cn=Manager, dc=reachlocal, dc=com
>> 		AuthPassword    mypass
>> 		UsernameAttr uid
>> 		#EncryptedPasswordAttr cryptpw
>> 		PasswordAttr userPassword
>> 		#PasswordAttr passwd
>> 		#SearchFilter
>> 		#EAPType LEAP
>> 		#NoEAP
>> 		AutoMPPEKeys
>> 		StripFromReply Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID, Filter-Id, cisco-avpair
>> 		#AddToReply Tunnel-Medium-Type=802,Tunnel-Pvt-Group-ID=28,Tunnel-Type=VLAN
>> 		AddToReply Service-Type = Framed-User, Framed-Protocol = PPP,TUNNEL_TYPE=VLAN,TUNNEL_MEDIUM_TYPE=802,TUNNEL_GROUP_ID=28
>> 	</AuthBy>
>> </Handler>
>>
>>
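
As an added example (not Radiator's own code and not written by either poster), this Perl script runs the two RewriteUsername expressions from the thread, in the order Zod lists them, over constructed User-Name values. It assumes the rules behave as ordinary Perl substitutions applied first to last; the function names and every sample value other than RLCORP\hilla.shprung are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two rules from the message above, kept byte-for-byte (a quoted heredoc
# does no backslash processing), in the order they are configured.
my @rules = grep { /\S/ } split /\n/, <<'RULES';
s/(.*)\\(.*)/$2/
s/(.*)\@(.*)/$1/
RULES

# Apply each rule in turn. Assumption: rules run as ordinary Perl
# substitutions against the name, first to last.
sub rewrite_username {
    my ($name) = @_;
    for my $rule (@rules) {
        eval "\$name =~ $rule; 1" or die "bad rule '$rule': $@";
    }
    return $name;
}

# Report results a site would usually not want to pass on to the LDAP lookup.
sub problems {
    my ($name) = @_;
    my @p;
    push @p, 'empty'             if $name eq '';
    push @p, 'separator remains' if $name =~ /[\\\@]/;
    return @p ? join(', ', @p) : 'ok';
}

# Constructed sample User-Name values (only the first appears in the thread).
my @samples = (
    'RLCORP\hilla.shprung',
    'hilla.shprung@reachlocal.com',
    'RLCORP\hilla.shprung@reachlocal.com',
    'hilla.shprung',
    'OTHERDOM\hilla.shprung',
    'hilla.shprung@example.net',
    'hilla.shprung@a@b',
    'RLCORP\\',
);

for my $in (@samples) {
    my $out = rewrite_username($in);
    printf "%-40s -> %-20s %s\n", "\"$in\"", "\"$out\"", problems($out);
}
```

The run shows that both rules discard whatever domain or realm was supplied without comparing it to an expected value, and that the greedy `(.*)` can leave a separator behind or reduce the name to an empty string.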

