Username Rewrites based on Hint / Realm

Javier Fox jfox at corp.spiritone.com
Wed Oct 15 21:52:38 CEST 2008


Hi folks,

I have a bit of a conundrum trying to implement FreeRadius for a system 
where users from multiple ISP names must all authenticate in the same 
place, and I'm hoping a more experienced user can shed some light.

In a nutshell, I need to do the following:
-Check the 'called-station-id' of an incoming RADIUS request
-If the id is A, B, or C, set a hint/realm flag to "alpha"
-If the id is D, E, or F, set a hint/realm flag to "beta"
-If the id is anything else, set a hint/realm flag to "gamma"
-Based on the value of the hint/realm flag, rewrite the username before 
attempting authentication (by adding '@ispname1', '@ispname2', etc.)
-Conversely, if the username already looks like 'user at ispname', leave it 
alone

For completeness' sake, I'm performing the authentication against a 
Postgres database.  In its current state, the system is able to happily 
authenticate users as long as the username is provided in the format 
"username at ispname"; otherwise they are rejected.

Our old RADIUS system (using Radiator) appears to call a perl script to 
perform this username rewriting, but that just seems like a nasty hack 
that I'd prefer to avoid.

Any advice on this would be immeasurably appreciated.

Thanks,
J. Fox




More information about the Freeradius-Users mailing list