radius proxy senario

piston pistonic at yahoo.com
Mon Mar 9 12:52:05 CET 2009 

I have trying both

if ("%{User-Name}" =~ /"^ABC\/"/ ) {
                 update control {
                 Realm := 'another_realm'
                 }
         }


if ("%{User-Name}" =~ /"^ABC\/"/ ) {
                 update request {
                 Realm := 'another_realm'
                 }
         }


Still not working. 

Just make sure if I'm not understand wrongly. In the ideal case when receiving access access ABC/userid at my_realm, i should able to transform this login id as userid at another_realm, and proxy the login id base on another_realm at proxy.conf.

Debugged log as below:

rad_recv: Access-Request packet from host 192.168.168.7 port 2469, id=42, length=65
        User-Name = "ABC/userid at my_realm"
        User-Password = "test"
        NAS-Port = 100
+- entering group authorize {...}
++[preprocess] returns ok
++? if ("%{User-Name}" =~ /"^ABC\/"/)
        expand: %{User-Name} -> ABC/userid at my_realm
? Evaluating ("%{User-Name}" =~ /"^ABC\/"/) -> FALSE
++? if ("%{User-Name}" =~ /"^ABC\/"/) -> FALSE
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.

Thank you

Piston


----- Original Message ----
From: "A.L.M.Buxey at lboro.ac.uk" <A.L.M.Buxey at lboro.ac.uk>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Monday, March 9, 2009 5:16:35 PM
Subject: Re: radius proxy senario

Hi,
> 
> Hi
> 
> I'm putting the following code under /etc/freeradius/site-available/default, authorize section just after preproccess
> 
>  if (User-Name =~ "^ABC\/") {
>                 update control {
>                 Realm == "%another_realm"}
>         }
> 
> 
> But i'm getting such error:
> 
> Expected regular expression at: "^ABC\/")
> /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
>  }
> 
> Need some guidance, this is the first time using unlang.

read the main page for unlang and the online documents - snippets
of logic code are not to be blindly used verbatim when supplied on
this list  - however, this is a quick fix so:


  if ("%{User-Name}" =~ /"^ABC\/"/ ) {
                 update control {
                 Realm := 'another_realm'
                 }
         }


however, I'd personally prefer (why? still not sure)

if ("%{User-Name}" =~ /"^ABC\/"/ ) {
                 update request {
                 Realm := 'another_realm'
                 }
         }

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list