Proxy based on Multiple Realms

Bob Brandt bob at brandt.ie
Fri Oct 16 11:58:25 CEST 2009


Perfect, I think that is exactly what I want, but I'm hoping you might be
able to help me with the syntax. I am trying this, but it doesn't seem to
work:

# - From the proxy.conf file:
realm host {
    if ( Stripped-User-Name =~ ".*\.domain\.name" ) {
        pool = adradius
        nostrip
    }
}

Thanks
Bob

On Thu, Oct 15, 2009 at 3:38 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
> > What I want to do is proxy requests based on being in multiple realms. For
> > example:
> > Realm1/username.Realm2
>
> so long as the second part will always be username.realm2 (and you don't get
> into user.name.realm2) then you can use 2.1.x with unlang to configure what
> you need. you need to use a decent regex pattern to match
>
> $1/[string].$2    (in fact, you can simply ignore $1 as it will always
> be host/ if dealing with type of traffic i expect)...and then you can simply
> set the proxy-to-realm to be equal to the $2 value.
>
> however, this is not a trivial 'it'll just work' and the realm details
> might not be the site's real NAI realm (as it might be an internal AD realm
> that has no basis on real world name, for example).
>
> PS in eduroam we only allow the authentication of users via RFC NAI values -
> this stops this nasty machine authentication mess (which most RADIUS servers
> will not be able to handle) - i guess this is a demonstration of FR
> power/flexibility rather than common use :-)
>
> alan
>
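
An added configuration sketch for the approach discussed in this thread; it is not from either poster or from the FreeRADIUS project. unlang conditions are evaluated in the processing sections of a virtual server (such as authorize), not inside a realm block in proxy.conf, so the realm definition and the match are split across the two files. It assumes a home_server_pool named adradius is already defined, that the realm is domain.name as in the attempt above, and that the machine name itself contains no dots.

```unlang
# --- proxy.conf ---
# Plain realm definition only: no unlang inside the realm block.
realm domain.name {
    pool = adradius    # assumed: home_server_pool "adradius" exists
    nostrip            # forward User-Name unchanged
}

# --- authorize section of the virtual server (e.g. sites-available/default) ---
authorize {
    preprocess

    # Match host/<machine>.<realm>:
    #   host\/     literal prefix sent for machine authentication
    #   [^.]+      machine name, first dot-free label (assumption)
    #   (.+)       everything after the first dot, captured as %{1}
    if (User-Name =~ /^host\/[^.]+\.(.+)$/) {
        update control {
            # Proxy to the captured realm. A realm block with this
            # name has to exist in proxy.conf (domain.name above).
            Proxy-To-Realm := "%{1}"
        }
    }

    # ... remaining authorize modules (suffix, eap, files, ...) ...
}
```

Because the captured realm comes from the client-supplied User-Name, only realms you have defined in proxy.conf should be reachable this way; where the internal AD realm differs from the real NAI realm, set Proxy-To-Realm to a fixed realm name instead of "%{1}".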