New User and AD Question

Arran Cudbard-Bell a.cudbardb at gmail.com
Tue Mar 1 02:12:44 CET 2011


>> 
> 
> That looks like Perl.  Perl, I can deal with.  I do have multiple domains to attack.  If I can come up with something generic that works for at least two domains, I'll post it here.  Looks predictable enough.  I'm thinking along the lines of something like this:
> 
> # BOL, "host", a slash, one or more non-dot characters, a dot,
> # one or more non-whitespace chars, EOL.
> if ( User-Name =~ /^host\/([^\.]+)\.(\S+)$/i ) {
> 	update control {
> 		Proxy-To-Realm := "%{2}"
> 	}
> }
> 
> I have two toddlers crawling on me at the moment (literally), so I haven't checked unlang syntax, but from Perl, that's more or less what it would look like.  %{1} would contain the host name.  Do I need to update the User-Name to just %{1} and/or update other fields related to the realm (domain)?

Yes, that's correct. 

If you have multiple realms, you may want to use a case statement:

> # BOL, "host", a slash, one or more non-dot characters, a dot,
> # one or more non-whitespace chars, EOL.
> if ( User-Name =~ /^host\/([^\.]+)\.(\S+)$/i ) {
	switch "%{2}" {
		case 'my-domain-string-1' {
			update control {
				Proxy-To-Realm := 'my-domain-1'
			}
		}
		case 'my-domain-string-2' {
			update control {
				Proxy-To-Realm := 'my-domain-1'
			}
		}
		case 'my-domain-string-3' {
			update control {
				Proxy-To-Realm := 'my-domain-2'
			}
		}
		case {
			# Domain not recognised
		}
	}
> }
> 
> It may be difficult to try this before tomorrow morning, since I'm now off site, but I'll at least work at it until "radiusd -X" is happy with it.

-Arran
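
The routing logic from this thread, as an added example that is not part of the original messages: a Python harness for checking the pattern and the realm allow-list against sample User-Name values before the policy is loaded into radiusd. The host names and domain strings are constructed, and Python's re module stands in for the server's regex library (an assumption).

```python
import re

# Pattern from the unlang condition, with the + inside the first group so
# that group 1 holds the whole host name.
HOST_RE = re.compile(r"^host/([^.]+)\.(\S+)$", re.IGNORECASE)

# With the + outside the group, each repetition overwrites the capture and
# group 1 ends up holding only the last character of the host name.
LAST_CHAR_RE = re.compile(r"^host/([^.])+\.(\S+)$", re.IGNORECASE)

# Constructed allow-list: domain string taken from User-Name -> realm name.
# Two domain strings may map to the same realm, as in the switch above.
REALMS = {
    "corp.example.com": "my-domain-1",
    "eu.corp.example.com": "my-domain-1",
    "lab.example.net": "my-domain-2",
}


def route(user_name):
    """Return (host, realm); realm is None when no Proxy-To-Realm would be set."""
    m = HOST_RE.match(user_name)
    if m is None:
        return None, None  # not a host/<name>.<domain> machine name
    host, domain = m.group(1), m.group(2)
    # Unknown domains fall through, like the empty default case: the
    # client-supplied string is never used as a realm name directly.
    return host, REALMS.get(domain)


if __name__ == "__main__":
    samples = [  # constructed User-Name values
        "host/pc01.corp.example.com",
        "HOST/pc02.lab.example.net",
        "host/pc03.unknown.example.org",
        "host/pc04",
        "alice@corp.example.com",
    ]
    for name in samples:
        print(f"{name!r:40} -> {route(name)}")
```
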



More information about the Freeradius-Users mailing list