add realm to user based on NAS-IP

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Wed Apr 11 15:59:30 CEST 2007


>>
>> DEFAULT NAS-IP-Address == 10.0.0.1, Proxy-To-Realm := "realm"
>>
>>
>> Ah yes, still the top entry should have worked, username would have to 
>> be rewritten in hints file.
>>
>> Or with attr_rewrite.
>>   
> Yippiieee,
> 
> the request has been sent through to the home-server. Still need to work 
> on the username but i don't expect
> big problems with that.
> 
> Thanks to both of you
> 

A word of warning with the username, if your using EAP then the username
is also sent within the EAP tunnel. If the username sent in the eap 
tunnel and the username sent in the access request packet don't match, 
then the user will be rejected.

So if you rewrite the username at the proxying server, be sure to have 
the relevant hint on the home_server to rewrite the username back into 
it's original form :)

And sorry your were having problems, I forgot the : in the 
Proxy-To-Realm. :(

-- 
Arran Cudbard-Bell (ac221 at sussex.ac.uk)
Authentication Authorisation & Accounting Officer
Infrastructure Services | ENG1 FF08
EXT:3900



More information about the Freeradius-Users mailing list