Username Rewrites based on Hint / Realm

Stephen Bowman sbbowman at gmail.com
Wed Oct 15 22:21:04 CEST 2008


On Wed, Oct 15, 2008 at 3:52 PM, Javier Fox <jfox at corp.spiritone.com> wrote:

> Hi folks,
>
> I have a bit of a conundrum trying to implement FreeRadius for a system
> where users from multiple ISP names must all authenticate in the same place,
> and I'm hoping a more experienced user can shed some light.
>
> In a nutshell, I need to do the following:
> -Check the 'called-station-id' of an incoming RADIUS request
> -If the id is A, B, or C, set a hint/realm flag to "alpha"
> -If the id is D, E, or F, set a hint/realm flag to "beta"
> -If the id is anything else, set a hint/realm flag to "gamma"
> -Based on the value of the hint/realm flag, rewrite the username before
> attempting authentication (by adding '@ispname1', '@ispname2', etc.)
> -Conversely, if the username already looks like 'user at ispname', leave it
> alone
>
> For completeness' sake, I'm performing the authentication against a
> Postgres database.  In its current state, the system is able to happily
> authenticate users as long as the username is provided in the format
> "username at ispname"; otherwise they are rejected.
>
> Our old RADIUS system (using Radiator) appears to call a perl script to
> perform this username rewriting, but that just seems like a nasty hack that
> I'd prefer to avoid.
>
> Any advice on this would be immeasurably appreciated.
>
> Thanks,
> J. Fox
>

Answer: unlang

http://freeradius.org/radiusd/man/unlang.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081015/0759bf98/attachment.html>


More information about the Freeradius-Users mailing list