Routing new RFC7542-style realms

Alan DeKok aland at deployingradius.com
Sun Oct 2 17:38:52 CEST 2016


On Oct 2, 2016, at 11:28 AM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk> wrote:
>> It can be done manually in "unlang".  But it means replicating the
>> logic in rlm_realm, and re-writing it unlang statements.
> 
> OK, I simply rewrite the User-Name *before* calling suffix?

  No, I mean *all* of the logic has to be in unlang.  Don't use the realm module at all.

	if (User-Name =~ /^([^@]+)@([^@]+)$/) {
		update request {
			Stripped-User-Name := "%{1}"
			Realm := "%{2}"
		}

		if (Realm == /my.realm.name) {
			# ... more checks on Stripped-User-Name...
		}

		update control {
			Proxy-To-Realm := &Realm
		}
	}

  Alan DeKok.




More information about the Freeradius-Users mailing list