Username Rewrites based on Hint / Realm

tnt at kalik.net tnt at kalik.net
Wed Oct 15 23:40:37 CEST 2008


if(whatever) {
     update request {
           User-Name := ...

Ivan Kalik
Kalik Informatika ISP


Dana 15/10/2008, "Javier Fox" <jfox at corp.spiritone.com> piše:

>Thanks for the pointer.  I'm not entirely certain as to the proper place
>to put such a thing, though.  The examples I've been able to pull up
>show others using 'if' statements and such in the 'authorize' block,
>after calling preprocess.  However, the following attempt:
>
>authorize {
>
>	preprocess
>
>         if ( Called-Station-ID =~ /4262606/ ) {
>             User-Name := "%{Stripped-User-Name}@myispname.com"
>         }
>
>	...
>}
>
>....gives me an error of "Line is not in 'attribute = value' format" with
>the line number of the 'if' statement.  Am I missing something basic here?
>
>Thanks,
>J Fox
>
>Stephen Bowman wrote:
>>
>>
>> On Wed, Oct 15, 2008 at 3:52 PM, Javier Fox <jfox at corp.spiritone.com
>> <mailto:jfox at corp.spiritone.com>> wrote:
>>
>>     Hi folks,
>>
>>     I have a bit of a conundrum trying to implement FreeRadius for a
>>     system where users from multiple ISP names must all authenticate in
>>     the same place, and I'm hoping a more experienced user can shed some
>>     light.
>>
>>     In a nutshell, I need to do the following:
>>     -Check the 'called-station-id' of an incoming RADIUS request
>>     -If the id is A, B, or C, set a hint/realm flag to "alpha"
>>     -If the id is D, E, or F, set a hint/realm flag to "beta"
>>     -If the id is anything else, set a hint/realm flag to "gamma"
>>     -Based on the value of the hint/realm flag, rewrite the username
>>     before attempting authentication (by adding '@ispname1',
>>     '@ispname2', etc.)
>>     -Conversely, if the username already looks like 'user at ispname',
>>     leave it alone
>>
>>     For completeness' sake, I'm performing the authentication against a
>>     Postgres database.  In its current state, the system is able to
>>     happily authenticate users as long as the username is provided in
>>     the format "username at ispname"; otherwise they are rejected.
>>
>>     Our old RADIUS system (using Radiator) appears to call a perl script
>>     to perform this username rewriting, but that just seems like a nasty
>>     hack that I'd prefer to avoid.
>>
>>     Any advice on this would be immeasurably appreciated.
>>
>>     Thanks,
>>     J. Fox
>>
>>
>> Answer: unlang
>>
>> http://freeradius.org/radiusd/man/unlang.html
>>
>>
>> ------------------------------------------------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list