Proxying based on a regex

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Mon Jul 25 23:18:41 CEST 2011


> Not quite ...

I see, that makes sense. Thanks for taking the time to explain.


Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

________________________________________
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] on behalf of Arran Cudbard-Bell [a.cudbardb at freeradius.org]
Sent: Monday, July 25, 2011 4:02 PM
To: FreeRadius users mailing list
Subject: Re: Proxying based on a regex

On 25 Jul 2011, at 22:49, Sallee, Stephen (Jake) wrote:

>> Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway.
>
> Glad you like it : )
>
> I am still new to FR so forgive me if I am mistaken but that little bit of unlang would go into the sites-enabled-default config correct?

Yep, correct.

> If so isn't it doing the same thing as the suffix module?

Not quite, this proxies a whole bunch of suffixes to a single realm if the format matches. Suffix will proxy to different realms based on the realm in the request.

-Arran


>
> Either way you need to setup the proxy config ...
>
> Ours may be working because we are only checking the domain the user uses and then steering them to the correct inner-tunnel, my apologies if the advice was incorrect.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton, Texas
> 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> -----Original Message-----
> From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Arran Cudbard-Bell
> Sent: Monday, July 25, 2011 3:33 PM
> To: FreeRadius users mailing list
> Subject: Re: Proxying based on a regex
>
> Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway.
>
>
> if(User-Name =~ /REGEX/){
>       update control {
>               Proxy-To-Realm := 'my_proxy_realm'
>       }
> }
>
> Then configure the realm in proxy.conf. Subcapture groups can provide you with parts of the User-Name string and can be accessed using the %{0}, %{1}, %{2}... etc variables
>
> You don't need to do anything if you're just doing local authentication....
>
>
> -Arran
>
> On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote:
>
>> We did this through our realms see code:
>>
>> In your proxy.conf
>>
>> realm "~.*umhb\\.edu$" {
>> #### some code here###
>> ###usually the virtual server you want to proxy them to### }
>>
>> If I am understanding your question right that should do it, but others may have a better way .. or I could be on crack ...
>>
>>
>> -----Original Message-----
>> From:
>> freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
>> [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius
>> .org] On Behalf Of Charles Plater
>> Sent: Monday, July 25, 2011 3:05 PM
>> To: freeradius-users at lists.freeradius.org
>> Subject: Proxying based on a regex
>>
>> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the format of the ID. I have a working regex that determines the domain to which the request should be sent, but I'm having a hard time figuring out the syntax of the proxy statement. Here's what I've tried:
>>
>> if (User-Name !~ <REGEX>) {
>>      proxy: domain.name
>> else {
>>      proxy: LOCAL
>>      }
>> }
>>
>> FWIW, I can successfully authenticate do the "domain.name" realm by using userid at domain.name.
>>
>> Can anyone offer any suggestions? Thanks in advance.
>> --
>> Charles Plater
>> Lead Application Technical Analyst
>> Internet Services
>> +1-313-577-4620
>> ab3189 at wayne.edu
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> RADIUS - Half the complexity of Diameter
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

Arran Cudbard-Bell
a.cudbardb at freeradius.org

RADIUS - Half the complexity of Diameter


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list