Bug 55580 - Windows radius login option "Automatically use my Windows logon name and password (and domain if any)" not supported
Status: NEW
Product: UCS
Classification: Unclassified
Component: Radius
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2023-01-18 16:27 CET by Jürn Brodersen
Modified: 2023-01-18 17:18 CET (History)
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Description Jürn Brodersen univentionstaff 2023-01-18 16:27:17 CET
Windows radius login option "Automatically use my Windows logon name and password (and domain if any)" not supported.

Windows can be set up to automatically use the login credentials to log in to a wifi network [1]. This fails on UCS systems because Windows adds the domain (or the hostname on unjoined systems) to the username. E.g. "DOMAIN\mustermann".

We need to remove the domain part, otherwise we don't find the user in the LDAP.

We already have something similar for computer accounts:
https://git.knut.univention.de/univention/ucs/-/blob/5.0-2/services/univention-radius/modules/univention/radius/utils.py#L43

If you implement this feature, please check these scenarios (I'm not sure how Windows handles them):

- Unjoined system
- Joined system -> login using SAM account format like "DOMAIN\mustermann"
- Joined system -> login using UPN account format like "mustermann@my.domain"

TBD:
Do we just want to remove the domain part or do we want to check it against the UCS domain?

[1] https://social.technet.microsoft.com/Forums/windows/en-US/257fbbd4-f8e6-44a5-a40a-6780e7115531/8021x-authentication-client-sends-username-as-pcnameusername?forum=winserverNAP
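
An added example, not part of the original report and not the univention-radius code: one way to strip the domain part for the SAM and UPN formats listed in the scenarios, with the TBD question exposed as an optional realm check. The function names, the `accepted_realms` parameter and the allowed-character pattern are assumptions.

```python
import re

# Assumption: uid characters accepted before the name is used in an LDAP lookup.
_VALID_USER = re.compile(r"[A-Za-z0-9._-]+")


class RealmMismatch(ValueError):
    """The domain part is present but not in the accepted set."""


def split_identity(identity):
    """Return (username, realm or None) for SAM, UPN or bare identities."""
    if "\\" in identity:                 # SAM format: DOMAIN\mustermann
        realm, _, user = identity.partition("\\")
    elif "@" in identity:                # UPN format: mustermann@my.domain
        user, _, realm = identity.rpartition("@")
    else:                                # bare name: mustermann
        user, realm = identity, ""
    return user, (realm or None)


def normalize_username(identity, accepted_realms=None):
    """Strip the domain part; enforce accepted_realms when it is given.

    accepted_realms=None: strip only, so an unjoined client that sends its
    hostname as the prefix still resolves to the bare user name.
    accepted_realms=<iterable>: a realm, if present, must match one entry
    (case-insensitive), otherwise RealmMismatch is raised.
    """
    user, realm = split_identity(identity.strip())
    if not _VALID_USER.fullmatch(user):
        # Covers empty names, a second separator, and LDAP filter characters.
        raise ValueError("unusable user name in %r" % identity)
    if realm is not None and accepted_realms is not None:
        if realm.lower() not in {r.lower() for r in accepted_realms}:
            raise RealmMismatch("realm %r is not accepted" % realm)
    return user


if __name__ == "__main__":
    # Constructed sample identities, following the scenarios in the report.
    for sample in ("PC-1234\\mustermann", "DOMAIN\\mustermann",
                   "mustermann@my.domain", "mustermann"):
        print(sample, "->", normalize_username(sample))
```

With `accepted_realms` set, the unjoined-system case (hostname as prefix) is rejected, which is the trade-off behind the TBD question.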