Proxying based on a regex
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jul 25 23:02:18 CEST 2011
On 25 Jul 2011, at 22:49, Sallee, Stephen (Jake) wrote:
>> Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway.
>
> Glad you like it : )
>
> I am still new to FR so forgive me if I am mistaken but that little bit of unlang would go into the sites-enabled-default config correct?
Yep, correct.
> If so isn't it doing the same thing as the suffix module?
Not quite, this proxies a whole bunch of suffixes to a single realm if the format matches. Suffix will proxy to different realms based on the realm in the request.
-Arran
>
> Either way you need to setup the proxy config ...
>
> Ours may be working because we are only checking the domain the user uses and then steering them to the correct inner-tunnel, my apologies if the advice was incorrect.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton, Texas
> 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> -----Original Message-----
> From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Arran Cudbard-Bell
> Sent: Monday, July 25, 2011 3:33 PM
> To: FreeRadius users mailing list
> Subject: Re: Proxying based on a regex
>
> Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway.
>
>
> if(User-Name =~ /REGEX/){
> update control {
> Proxy-To-Realm := 'my_proxy_realm'
> }
> }
>
> Then configure the realm in proxy.conf. Subcapture groups can provide you with parts of the User-Name string and can be accessed using the %{0}, %{1}, %{2}... etc variables
>
> You don't need to do anything if you're just doing local authentication....
>
>
> -Arran
>
> On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote:
>
>> We did this through our realms see code:
>>
>> In your proxy.conf
>>
>> realm "~.*umhb\\.edu$" {
>> #### some code here###
>> ###usually the virtual server you want to proxy them to### }
>>
>> If I am understanding your question right that should do it, but others may have a better way .. or I could be on crack ...
>>
>>
>> -----Original Message-----
>> From:
>> freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
>> [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius
>> .org] On Behalf Of Charles Plater
>> Sent: Monday, July 25, 2011 3:05 PM
>> To: freeradius-users at lists.freeradius.org
>> Subject: Proxying based on a regex
>>
>> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the format of the ID. I have a working regex that determines the domain to which the request should be sent, but I'm having a hard time figuring out the syntax of the proxy statement. Here's what I've tried:
>>
>> if (User-Name !~ <REGEX>) {
>> proxy: domain.name
>> else {
>> proxy: LOCAL
>> }
>> }
>>
>> FWIW, I can successfully authenticate do the "domain.name" realm by using userid at domain.name.
>>
>> Can anyone offer any suggestions? Thanks in advance.
>> --
>> Charles Plater
>> Lead Application Technical Analyst
>> Internet Services
>> +1-313-577-4620
>> ab3189 at wayne.edu
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> RADIUS - Half the complexity of Diameter
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Half the complexity of Diameter
More information about the Freeradius-Users
mailing list