FreeRadius + AD + Realms

Alan DeKok aland at
Sat Jul 3 08:16:52 CEST 2010

Matthew P wrote:
> Although, now a new problem arose - I can't seem to get the (stripped) username in the inner-tunnel with preprocess.
> So the username stays in the form - "user at", but that isn't usable for an LDAP search (on the AD).

  So... decode the user-name using a regex.  You can then use that in
the LDAP configuration.  The LDAP user search is configurable for a

> Because there are realms involved in the scenario.
> If the realm is "" then radius needs to lookup a user in AD.
> If the realm is "" then it needs to consult sql.
> Otherwise it should proxy the request to a home server.
> What would be a proper way to do this? I thought setting up a virtual server for every scenario is the way to go?

  It's an option, but not the only way to do it.

	if (User-Name =~ / {
	elsif (User-Name =~ / {
	else {
		update control {
			Proxy-To-Realm := "other"

  Alan DeKok.
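
The routing described in the reply above, modelled in Python as an added example (not part of the original post and not FreeRADIUS configuration): an anchored regex splits User-Name into user and realm, the stripped name is escaped before it goes into an LDAP filter, and everything else falls through to the proxy branch. The realm names, the `sAMAccountName` attribute and the function names are assumptions, since the post does not give them.

```python
import re

# Placeholder realms (assumptions; the post does not show the realm names).
AD_REALM = "ad.example.org"
SQL_REALM = "sql.example.org"

# Matched with fullmatch(): exactly one '@', non-empty user part.
USER_REALM = re.compile(r"([^@]+)@([A-Za-z0-9.-]+)")

# RFC 4515: characters that must be escaped inside a filter assertion value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value):
    """Escape a string for use as a value in an LDAP search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def route(user_name):
    """Return (backend, detail) for a User-Name, following the if/elsif/else."""
    m = USER_REALM.fullmatch(user_name)
    if m:
        user, realm = m.group(1), m.group(2).lower()  # realms compared case-insensitively
        if realm == AD_REALM:
            # Stripped name goes into the AD search, escaped first.
            # sAMAccountName is an assumed search attribute.
            return ("ldap", "(sAMAccountName=%s)" % ldap_escape(user))
        if realm == SQL_REALM:
            return ("sql", user)
    # No realm, an unknown realm, or a malformed name: the "else" branch,
    # which sets Proxy-To-Realm := "other" in the post.
    return ("proxy", "other")


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for name in ["alice@ad.example.org", "bob@SQL.example.org",
                 "carol@elsewhere.example", "a*(b)@ad.example.org",
                 "eve@ad.example.org@elsewhere.example", "nobody"]:
        print(name, "->", route(name))
```

Because the pattern must match the whole string, a name that merely contains the AD realm in the middle does not reach the LDAP branch.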
