Ben Butler freeradius at
Mon Feb 19 21:29:16 CET 2007


I am having some problems with attr_rewrite.

What I want to do is the following at a pre authorisation phase:

User-Name = username at


User-Name =

I want to call by attr_rewrite function for each of the domains that I want
to stip the username from prior to authorisation.

This is what I have in  radiusd.conf:

        attr_rewrite checkdomain1 {
                attribute = User-Name
                searchin = packet
                searchfor = ". at"
                replacewith = ""
                ignore_case = yes
                new_attribute = no
                max_matches = 10
                append = no

This is kind of working but =mMy problem is that I am not sure what to use
in the regular expersion for the match query:

I have tried . at, ^$, ?, \w. at

I have read the list history and trawlled google and I guess I am just not
bright enough to get these pesky (ir)regular expressions!

Can someone please tell me what I need to put in here:

searchfor = ". at"

To match: anything at

Why Am I doing this???

DSL Wholesale Layer2 Tunneling Switch - (LTS) 1 querries my Radius Server 1
for tunnel paramaters.

Radius Server 1 will then for:

user at into various Tunnels / groups swtiched based on full
username to NAS1,2,3 etc classify any users at this domain into tunnel1 and switch to LTS
2 classify any users at this domain into tunnel2 and switch to LTS

Because I dont know the users  in domain1&2, I cant authenticate using the
fully qualified username, and for other reasons it is not possible to set
LTS1 to athenticate its tunnels based on realm rather than username, it has
to use username.

So -tThis above is why I am trying to rewrite the user to be just a realm in
radius server 1 for domain 1&

For those that are intersted, what happens next is...

LTS 2 then looks up in another radius server (radius 2) for the tunnel ID
where to switch the tunnel to for the terminating NAS for that
partner/reseller.  This NAS will then query its radius server (a third
party) to handle the actual user authentication and PPP paramaters.

For NAS1,2,3 will querry radius server 3 for the authentication
of my own users and PPP paramaters.

So: DSL Wholesale LTS -> In house NASes or In house LTS boxes

In house LTS boxes -> Partner NASes

Kind Regards


More information about the Freeradius-Users mailing list