Stripping part of the login before authentication?
Phil Mayers
p.mayers at imperial.ac.uk
Sun Feb 5 19:39:19 CET 2006
Garry Glendown wrote:
> Hi,
>
> we have multiple ways of getting connections, all in the format
>
> user#somestring at morechars
>
> Is it possible to define something in FreeRadius to just compare the
> part before the "#" and authenticate based on that?
If by that you mean: disregard all characters from the # onwards in the
username, then yes this is trivial - use the realm module:
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
modules {
realm hashsuffix {
format = suffix
delimiter = "#"
ignore_default = no
ignore_null = yes
}
# other module config
}
authorize {
preprocess
hashsuffix
# other modules
}
And in proxy.conf:
realm DEFAULT {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Alternatively, you may be able to use the "hints" file:
DEFAULT User-Name =~ "([^#]+)#(.*)"
User-Name == `%{1}`,
Realm = `%{2}`
...or whatever
More information about the Freeradius-Users
mailing list