rewriting usernames

Christopher Carver ccarver at pennswoods.net
Thu Nov 16 21:01:03 CET 2006 

Quoting Michael Mitchell <mitchell.michael at bigpond.com>:

> Hi Chris,
>
> Christopher Carver wrote:
> >
> > Thanks for the reply, Kevin.  You got me on the right track, but I still
> don't
> > quite have it right.  It seems as though the users file can only manipulate
>
> Kevin's solution uses the "hints" file, not the "users" file. You'll need to
> enable the preprocess module in the authorize section of radiusd.conf if it
> isn't already.
>
> cheers,
> Mike
>

Thanks for the help Mike and Kevin.  Well, I've made the change in the hints
file.  The proprocesses module is matching on the correct line of the hints
file, but the change to the User-Name isn't actually taking place.  It
continues on to other modules with the same value.  From hints (line 1, where
preprocesses is matching):

DEFAULT
        User-Name := "%{User-Name}@some-isp.com"

I excluded the check for Called-Station-Id for now to keep things simple.  I use
radclient to send an access accept packet where the username is "carver" along
with the correct password.  Thats the test user account name.  Here is the
radiusd -X output:

rad_recv: Access-Request packet from host 127.0.0.1:32858, id=14, length=46
        User-Name = "carver"
        User-Password = "carver"
rad_lowerpair:  User-Name now 'carver'
rad_rmspace_pair:  User-Name now 'carver'
modcall: entering group authorize for request 0
  hints: Matched DEFAULT at 1
  modcall[authorize]: module "preprocess" returns ok for request 0
    users: Matched DEFAULT at 10
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'carver'
rlm_sql (sql): sql_set_user escaped user --> 'carver'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'carver' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 5
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'carver' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'carver' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'carver' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.prio'
rlm_sql (sql): Released sql socket id: 5
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Crypt
Login OK: [carver] (from client localhost port 0)

In theory it should be processing it after hints as carver at some-isp.com.  But
its still using the original username as if the change in hints had never
ocurred.  Any ideas?

Thanks for the help so far.  I really appreciate it.

Chris Carver

More information about the Freeradius-Users mailing list