FreeRadius + AD + Realms
Alan DeKok
aland at deployingradius.com
Sat Jul 3 08:16:52 CEST 2010
Matthew P wrote:
> Although, now a new problem arose - I can't seem to get the (stripped) username in the inner-tunnel with preprocess.
> So the username stays in the form - "user@mydomain.com", but that isn't usable for an LDAP search (on the AD).
So... decode the user-name using a regex. You can then use that in
the LDAP configuration. The LDAP user search is configurable for a
*reason*.
> Because there are realms involved in the scenario.
> If the realm is "mydomain.com" then radius needs to lookup a user in AD.
> If the realm is "mydomain2.com" then it needs to consult sql.
> Otherwise it should proxy the request to a home server.
>
> What would be a proper way to do this? I thought setting up a virtual server for every scenario is the way to go?
It's an option, but not the only way to do it.
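    # Dots are escaped and each match is anchored with "$", so only the
    # exact realm at the end of the User-Name selects a module.
    if (User-Name =~ /@mydomain\.com$/) {
        ldap
    }
    elsif (User-Name =~ /@mydomain2\.com$/) {
        sql
    }
    else {
        update control {
            Proxy-To-Realm := "other"
        }
    }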
Alan DeKok.
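
The routing decision discussed in this thread, modelled in Python as an added example (not part of the original post and not FreeRADIUS configuration). It shows why the realm match should cover the whole User-Name and why the stripped name should be escaped before it goes into an LDAP search filter. The function names, the `sAMAccountName` filter, the lower-casing of the realm and the sample names are assumptions made for the illustration.

```python
import re

# Realm -> backend table from the thread; anything else is proxied.
REALM_BACKENDS = {"mydomain.com": "ldap", "mydomain2.com": "sql"}
DEFAULT_PROXY_REALM = "other"

# Used with fullmatch(): exactly one "@", and the realm runs to the end.
USER_NAME_RE = re.compile(r"([^@]+)@([^@]+)")

# RFC 4515 escaping for a value placed inside an LDAP search filter.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value):
    """Escape filter metacharacters so the value cannot alter the filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def route(user_name):
    """Return (backend, stripped_user, detail) for a RADIUS User-Name."""
    m = USER_NAME_RE.fullmatch(user_name)
    if m:
        user, realm = m.group(1), m.group(2).lower()  # assumption: realms compare case-insensitively
        backend = REALM_BACKENDS.get(realm)
        if backend == "ldap":
            # Assumed AD search filter built from the stripped name.
            return ("ldap", user, "(sAMAccountName=%s)" % ldap_escape(user))
        if backend == "sql":
            return ("sql", user, None)
    # Unknown realm or no realm at all: hand off to the home server.
    return ("proxy", None, DEFAULT_PROXY_REALM)


if __name__ == "__main__":
    # Constructed sample User-Names, not taken from the thread.
    samples = [
        "alice@mydomain.com",
        "bob@mydomain2.com",
        "carol@example.org",
        "mallory@mydomain.com.example.net",  # lookalike suffix: must not reach LDAP
        "a*)(x=@mydomain.com",               # filter metacharacters in the user part
    ]
    for name in samples:
        print(name, "->", route(name))
```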