Username Rewrites based on Hint / Realm

Javier Fox jfox at corp.spiritone.com
Wed Oct 15 23:35:53 CEST 2008


Thanks for the pointer.  I'm not entirely certain as to the proper place 
to put such a thing, though.  The examples I've been able to pull up 
show others using 'if' statements and such in the 'authorize' block, 
after calling preprocess.  However, the following attempt:

authorize {

	preprocess

         if ( Called-Station-ID =~ /4262606/ ) {
             User-Name := "%{Stripped-User-Name}@myispname.com"
         }

	...
}

...gives me an error of "Line is not in 'attribute = value' format" with 
the line number of the 'if' statement.  Am I missing something basic here?

Thanks,
J Fox

Stephen Bowman wrote:
> 
> 
> On Wed, Oct 15, 2008 at 3:52 PM, Javier Fox <jfox at corp.spiritone.com 
> <mailto:jfox at corp.spiritone.com>> wrote:
> 
>     Hi folks,
> 
>     I have a bit of a conundrum trying to implement FreeRadius for a
>     system where users from multiple ISP names must all authenticate in
>     the same place, and I'm hoping a more experienced user can shed some
>     light.
> 
>     In a nutshell, I need to do the following:
>     -Check the 'called-station-id' of an incoming RADIUS request
>     -If the id is A, B, or C, set a hint/realm flag to "alpha"
>     -If the id is D, E, or F, set a hint/realm flag to "beta"
>     -If the id is anything else, set a hint/realm flag to "gamma"
>     -Based on the value of the hint/realm flag, rewrite the username
>     before attempting authentication (by adding '@ispname1',
>     '@ispname2', etc.)
>     -Conversely, if the username already looks like 'user at ispname',
>     leave it alone
> 
>     For completeness' sake, I'm performing the authentication against a
>     Postgres database.  In its current state, the system is able to
>     happily authenticate users as long as the username is provided in
>     the format "username at ispname"; otherwise they are rejected.
> 
>     Our old RADIUS system (using Radiator) appears to call a perl script
>     to perform this username rewriting, but that just seems like a nasty
>     hack that I'd prefer to avoid.
> 
>     Any advice on this would be immeasurably appreciated.
> 
>     Thanks,
>     J. Fox
> 
> 
> Answer: unlang
> 
> http://freeradius.org/radiusd/man/unlang.html
> 
> 
> ------------------------------------------------------------------------
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list