FR 2.1.6 add realm to User-Name before Proxy by listening port

Phil Mayers p.mayers at imperial.ac.uk
Mon Dec 13 15:05:06 CET 2010


On 13/12/10 13:48, Mika wrote:
>
> Hello.
> How would i go about configuring the following with FreeRadius 2.1.6?
> I need to change the User-Name attribute by adding a realm to it based on
> incoming listening port, before the Access-Request is proxied
> (Proxy-To-Realm) to backend server.


Easy, use unlang (see "man unlang"):

authorize {
   ...
   if (Packet-Dst-Port == xxx) {
     update request {
       User-Name := "%{User-Name}@therealm"
     }
     update control {
       Proxy-To-Realm := PROXYREALM
     }
   }
   ...
}


Alternatively you could look the realm up in a database:

authorize {
   ..
   update request {
     Tmp-String-0 = "%{sql:select ... where port='%{Packet-Dst-Port}'
     User-Name := "%{User-Name}@%{Tmp-String-0}"
   }
   update control {
     Proxy-To-Realm := "%{Tmp-String-0}"
   }
   ...
}

There are many variations on this.



More information about the Freeradius-Users mailing list