proxy wildcard realms (subdomains)
Stefan Winter
freeradius-users-ml at stefan-winter.de
Fri Jun 17 08:28:52 CEST 2005
Hello!
> hi - i after much searching the archives i couldn't find a good way to
> proxy to subdomains of a domain:
>
> user at xxx.yyy.zz.domain.com
>
> for any number of subdomains under a given domain.com (inlcuding nil).
>
> is this possible? (i don't want the username stripped)
There are two possible solutions to this. The first is to use the "users" file
to match the User-Name against a regular expression that matches your wishes
(using the =~ operator) and setting a Proxy-To-Realm attribute hint when the
expression matches.
The other possibility - which is much more intuitive - is to apply a patch to
the FreeRADIUS sources that allows you to define wildcard realm matching in
the realm sections of proxy.conf (where I strongly think it belongs - why
would you want to define realms in the *users* file when there are dedicated
realm definitions?).
The patch was posted by Rok Papez to the users and devel mailing lists some
time ago. If you don't find it, just drop me a private mail and I'll send you
a copy.
BTW, I have recently learned during the TERENA Networking Conference that this
patch is in a much more widespread use than I thought it was, being deployed
in a worldwide educational RADIUS infrastructure by many countries (some
participants of www.eduroam.org). So, you can probably consider it being
quite stable. It's a pity that it is not being considered for inclusion into
the official source code.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu tél.: +352 424409-1
http://www.restena.lu fax: +352 422473
More information about the Freeradius-Users
mailing list