rewriting usernames
Christopher Carver
ccarver at pennswoods.net
Thu Nov 16 10:56:00 CET 2006
Quoting Kevin Bonner <keb at pa.net>:
> On Monday 13 November 2006 22:24, Christopher Carver wrote:
> > Hello,
> >
> > How do I rewrite the value of the User-Name attribute based on
> > Called-Station-Id? I need to do a series of these logical decisions and
> > replace the username with username@<some-isp.com> based on what the value
> > of Called-Station-Id is.
> >
> > rlm_attr_rewrite seems the obvious choice, but I can't figure out how to
> > use various instances of that module only when Called-Station-Id has a
> > certain value.
> >
> > It seems like a strange thing to need to do, but I've thought about our
> > problem and this is really the only scalable way. I can give a lot of
> > background as to why, but I figured I would ask the question first. So,
> > does anyone have any ideas?
> >
> > Also, thank you for all the hard work on Freeradius. Its a great piece of
> > software.
> >
> > Thanks
> >
> > Chris Carver
>
> Not a crazy question at all. We used a hints file entry like:
>
> DEFAULT Called-Station-Id =~ "^(012)?3456789$"
> User-Name := "%{User-Name}@some-isp.com"
>
> After that, it's pretty easy. Just make sure the some-isp.com realm is in
> proxy.conf and it should act like any other normal request.
>
> Kevin Bonner
>
Thanks for the reply, Kevin. You got me on the right track, but I still don't
quite have it right. It seems as though the users file can only manipulate
reply A/V pairs. I am using mysql to authorize and authenticate, so, I need
rlm_sql_mysql to see the new and changed User-Name. This means I need to
modify the User-Name on the access-request list of A/V pairs. Something like
this...
DEFAULT Called-Station-Id =~ "^(012)?3456789$"
%{request:User-Name} := `%{request:User-Name}@isp.com`,
Fall-Through = yes
But that doesn't work. See if I do just:
DEFAULT Called-Station-Id =~ "^(012)?3456789$"
User-Name := `%{request:User-Name}@isp.com`,
Fall-Through = yes
The reply packet just has the User-Name attribute changed. That doesn't do what
I want, because I aut with rlm_sql_mysql and it needs to see the changed
username with the suffix added.
Any ideas? Anyone?
Thanks,
Chris Carver
Network Engineer
More information about the Freeradius-Users
mailing list