radius proxy senario

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Sun Mar 8 18:17:38 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> 1. I have a local realm (suffix), xyz.com. I'm using freeradius
2.1.3+mysql.
>>
>> 2. My own user's username in mysql radcheck table is store in
username at xyz.com format
>>
>> 3. A person want me to proxy his prefix
ABC/his-customer-username at myrealm to his radius server, i.e:
ABC/his-customer-username at xyz.com
>
> nasty. same realm but needs to be handled differently. okay. i'd say
use unlang
> for this.  before prefix, realm etc are called in the auth stage, have
a check ie
>
> quick pseudo-code whilst i have a coffee
>

Or if you want to use the NT domain portion as the realm..

if (User-Name =~ /^([^\\/:*?<>|\"]+)\\\\//) {
    update control {
        Realm = "%{1}"
    }
}

Think that's the right number of backslashes...



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmz/bEACgkQcaklux5oVKLa4ACeKwkASUqoRcsoaUFKlcHl0r7m
WBQAn2FS0pg0FerxaFtw586rIrXq53CV
=csnq
-----END PGP SIGNATURE-----




More information about the Freeradius-Users mailing list