Stripping part of the login before authentication?

Phil Mayers p.mayers at imperial.ac.uk
Sun Feb 5 19:39:19 CET 2006


Garry Glendown wrote:
> Hi,
> 
> we have multiple ways of getting connections, all in the format
> 
> 	user#somestring at morechars
> 
> Is it possible to define something in FreeRadius to just compare the
> part before the "#" and authenticate based on that?

If by that you mean: disregard all characters from the # onwards in the 
username, then yes this is trivial - use the realm module:

proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf

modules {
   realm hashsuffix {
     format = suffix
     delimiter = "#"
     ignore_default = no
     ignore_null = yes
   }

   # other module config
}

authorize {
   preprocess
   hashsuffix
   # other modules
}

And in proxy.conf:

realm DEFAULT {
   type     = radius
   authhost = LOCAL
   accthost = LOCAL
}

Alternatively, you may be able to use the "hints" file:

DEFAULT	User-Name =~ "([^#]+)#(.*)"
	User-Name == `%{1}`,
	Realm = `%{2}`

...or whatever



More information about the Freeradius-Users mailing list