Freeradius proxy.conf login based
Hi Actually i use proxy.conf for forward auth-request to the good radius server: realm "~(myrealm.realm)" { auth_pool = pool-auth.myrealm.realm acct_pool = pool-acct.myrealm.realm nostrip } login@myrealm.realm work's very good. but for one supplier, i want forward based on login, sample: realm "MSP-*@OTHER" { auth_pool = pool-auth.myrealm.realm acct_pool = pool-acct.myrealm.realm nostrip } it's possible ? i think's that i don't have the good synthaxe of realm because that's don't work thanks for your help regards
On Jul 14, 2019, at 9:27 AM, Olivier CALVANO <o.calvano@gmail.com> wrote:
Actually i use proxy.conf for forward auth-request to the good radius server:
realm "~(myrealm.realm)" {
That's treated as a regular expression.
auth_pool = pool-auth.myrealm.realm acct_pool = pool-acct.myrealm.realm nostrip }
login@myrealm.realm work's very good.
That's good but you don't need to match a regular expression like this. You can just match the string.
but for one supplier, i want forward based on login, sample:
realm "MSP-*@OTHER" { auth_pool = pool-auth.myrealm.realm acct_pool = pool-acct.myrealm.realm nostrip }
it's possible ? i think's that i don't have the good synthaxe of realm because that's don't work
The "realm" is the *domain name* portion of the User-Name. You can't match *all* of the User-Name in a "realm" block. What you can do is this: realm OTHER { auth_pool = pool-auth.myrealm.realm acct_pool = pool-acct.myrealm.realm nostrip } And then in the "authorize" section, do: if (User-Name =~ /^MSP-.*@OTHER/) { update control { Proxy-To-Realm := "OTHER" } } else { suffix # do normal realm matching } Alan DeKok.
participants (2)
-
Alan DeKok -
Olivier CALVANO