realm question

Jeff Crowe listacct at genhex.net
Mon Jul 28 15:27:32 CEST 2008


Subject: Re: realm question

Hi,

> Can I strip the "idm/something/" somehow?  

sure. a simple strip in the config would work...
or unlang of course.

eg in radiusd.conf

attr_rewrite copy.user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor = ""
searchin = packet
replacewith = "%{User-Name}"
}

attr_rewrite remove-junk {
attribute = Stripped-User-Name
searchfor = "/idm\/something\/"
searchin = packet
new_attribute = no
replacewith = ""
}


then in sites-enabled/default  (or usual server) add 

copy.user-name  
remove-junk

in the authorize section alongside prefix, suffix, ntrealm etc


------------------

Hi Alan,

Thank you for your reply, it worked great with a couple of tweaks.  For
those trying to implement the same type of idea, the code works great when
added to the modules/attr_rewrite module instead of in the radiusd.conf
file.

In your sites-available/whatever, the order of the processing is important.
I have a realm setup to strip off after the @domain, but if the attr_rewrite
modules are called before the suffix module, the suffix module will not pass
the stripped-user-name that was required in my case, it will pass the whole
user at domain as the username.

If you place the rewrite modules names after the suffix, everything works
great.


Cheers,
Jeff.





More information about the Freeradius-Users mailing list