rewriting usernames

Christopher Carver ccarver at pennswoods.net
Thu Nov 16 10:56:00 CET 2006 

Quoting Kevin Bonner <keb at pa.net>:

> On Monday 13 November 2006 22:24, Christopher Carver wrote:
> > Hello,
> >
> > How do I rewrite the value of the User-Name attribute based on
> > Called-Station-Id?  I need to do a series of these logical decisions and
> > replace the username with username@<some-isp.com> based on what the value
> > of Called-Station-Id is.
> >
> > rlm_attr_rewrite seems the obvious choice, but I can't figure out how to
> > use various instances of that module only when Called-Station-Id has a
> > certain value.
> >
> > It seems like a strange thing to need to do, but I've thought about our
> > problem and this is really the only scalable way.  I can give a lot of
> > background as to why, but I figured I would ask the question first.  So,
> > does anyone have any ideas?
> >
> > Also, thank you for all the hard work on Freeradius.  Its a great piece of
> > software.
> >
> > Thanks
> >
> > Chris Carver
>
> Not a crazy question at all.  We used a hints file entry like:
>
> DEFAULT Called-Station-Id =~ "^(012)?3456789$"
>         User-Name := "%{User-Name}@some-isp.com"
>
> After that, it's pretty easy.  Just make sure the some-isp.com realm is in
> proxy.conf and it should act like any other normal request.
>
> Kevin Bonner
>

Thanks for the reply, Kevin.  You got me on the right track, but I still don't
quite have it right.  It seems as though the users file can only manipulate
reply A/V pairs.  I am using mysql to authorize and authenticate, so, I need
rlm_sql_mysql to see the new and changed User-Name.  This means I need to
modify the User-Name on the access-request list of A/V pairs.  Something like
this...

DEFAULT Called-Station-Id =~ "^(012)?3456789$"
        %{request:User-Name} := `%{request:User-Name}@isp.com`,
        Fall-Through = yes

But that doesn't work.  See if I do just:

DEFAULT Called-Station-Id =~ "^(012)?3456789$"
        User-Name := `%{request:User-Name}@isp.com`,
        Fall-Through = yes

The reply packet just has the User-Name attribute changed.  That doesn't do what
I want, because I aut with rlm_sql_mysql and it needs to see the changed
username with the suffix added.

Any ideas?  Anyone?

Thanks,

Chris Carver
Network Engineer

More information about the Freeradius-Users mailing list