mr typo <euroregistrar@gmail.com> wrote:
i do have a problem with our freeradius configuration and i have no idea how to solve it.
we do have one realm configured domainname.com which works perfectly. every user who wants to authenticate with a different realm is proxied to an outside radius. server. the setup works fine.
we do have some mobile devices who send something like: username@company.com@wlan.mnc003.mc username@company.com@Verisign... . .
we send these requests to our proxy and the proxy sends it back to us,....
from my understanding i cant solve it with a regex in the proxy.conf, right? since the "realm" is just the string after the last @?
anyone has an idea how i can process such request in my company.com realm? inside the realm i strip everything out, so it should work then.
Use some unlang in 'authorize' *before* you call 'suffix' that looks like: ---- if (User-Name ~= /^(.*@company.com)@.*/) { User-Name := "%{1}" } ---- As a side note, I currently have in proxy.conf: ---- # blackhole routing realm myabc.com { virtual_server = auth-reject nostrip } realm "~\\.3gppnetwork\\.org$" { virtual_server = auth-reject nostrip } ---- ...and a virtual server: ---- server auth-reject { authorize { suffix switch "%{Realm}" { case "NULL" { update reply { Reply-Message := "No Realm" } } # we should not get here case "DEFAULT" { update reply { Reply-Message := "ERROR" } } # we *really* should not get here case "%{config:local.MY.realm}" { update reply { Reply-Message := "BIG ERROR" } } case { update reply { Reply-Message := "Realm Blackholed" } } } reject } } ---- I would recommend you reject straight away any double realmed users as you will only find yourself later on still having to deal with misconfigured kit; pain now means a *lot* less pain later down the road in my experience. Cheers -- Alexander Clouter .sigmonster says: This Fortune Examined By INSPECTOR NO. 2-14