I have regex in my /etc/raddb/site-enabled/default authorize section as : if (User-Name =~ /^([^@]*)@([-A-Z0-9]+(\\.[-A-Z0-9]+)+)$/i) { # user has a valid-looking realm update request { Stripped-User-Name := "%{1}" #Realm = "%{tolower:%{2}}" Realm = "%{toupper:%{2}}" #Realm = "%{2}" } } else { # malformed NAI update reply { Reply-Message := "malformed username " } reject } if (Realm == example.com) { update control { Proxy-To-Realm := LOCAL } } else { update control { Proxy-To-Realm := DEFAULT } } This is working well, with example.com. but when user sends user@a.example.com then it sends to DEFAULT which send to UPstream radius server. So, what shall I do a.example.com, b.example.com (valid sub-domain) not to send upstream server ? I tried enabling in proxy.conf realm "~(.*\\.)*example\\.com$" { } no luck. any hint or point on this ?
Rando Nakarmi wrote:
I have regex in my /etc/raddb/site-enabled/default authorize section as :
if (User-Name =~ /^([^@]*)@([-A-Z0-9]+(\\.[-A-Z0-9]+)+)$/i) {
Which only looks for "example.com", and not "a.example.com".
This is working well, with example.com. but when user sends user@a.example.com then it sends to DEFAULT which send to UPstream radius server.
That's what you told it to do.
So, what shall I do a.example.com, b.example.com (valid sub-domain) not to send upstream server ?
Update the regex to match subdomains, too: if (User-Name =~ /^([^@]*)@(([-A-Z0-9]+\.)*[-A-Z0-9]+(\\.[-A-Z0-9]+)+)$/i) Alan DeKok.
participants (2)
-
Alan DeKok -
Rando Nakarmi