add realm to user based on NAS-IP
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Apr 11 15:59:30 CEST 2007
>>
>> DEFAULT NAS-IP-Address == 10.0.0.1, Proxy-To-Realm := "realm"
>>
>>
>> Ah yes, still the top entry should have worked, username would have to
>> be rewritten in hints file.
>>
>> Or with attr_rewrite.
>>
> Yippiieee,
>
> the request has been sent through to the home-server. Still need to work
> on the username but i don't expect
> big problems with that.
>
> Thanks to both of you
>
A word of warning with the username, if your using EAP then the username
is also sent within the EAP tunnel. If the username sent in the eap
tunnel and the username sent in the access request packet don't match,
then the user will be rejected.
So if you rewrite the username at the proxying server, be sure to have
the relevant hint on the home_server to rewrite the username back into
it's original form :)
And sorry your were having problems, I forgot the : in the
Proxy-To-Realm. :(
--
Arran Cudbard-Bell (ac221 at sussex.ac.uk)
Authentication Authorisation & Accounting Officer
Infrastructure Services | ENG1 FF08
EXT:3900
More information about the Freeradius-Users
mailing list