FreeRadius + AD + Realms

Alan DeKok aland at deployingradius.com
Sat Jul 3 08:16:52 CEST 2010


Matthew P wrote:
> Although, now a new problem arose - I can't seem to get the (stripped) username in the inner-tunnel with preprocess.
> So the username stays in the form "user@mydomain.com", but that isn't usable for an LDAP search (on the AD).

  So... decode the user-name using a regex.  You can then use that in
the LDAP configuration.  The LDAP user search is configurable for a
*reason*.

> Because there are realms involved in the scenario.
> If the realm is "mydomain.com" then radius needs to lookup a user in AD.
> If the realm is "mydomain2.com" then it needs to consult sql.
> Otherwise it should proxy the request to a home server.
> 
> What would be a proper way to do this? I thought setting up a virtual server for every scenario is the way to go?

  It's an option, but not the only way to do it.


	# Dots escaped and the match anchored to the end of the string, so
	# "user@mydomain.com.example" does not fall into the first branch.
	if (User-Name =~ /@mydomain\.com$/) {
		ldap
	}
	elsif (User-Name =~ /@mydomain2\.com$/) {
		sql
	}
	else {
		# "other" must be defined as a realm in proxy.conf
		update control {
			Proxy-To-Realm := "other"
		}
	}

  Alan DeKok.
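An added worked example, not from the original mail, that combines both points of the reply: strip the realm from User-Name with a capturing regex in the inner-tunnel, then dispatch on the captured realm. Realm names are the placeholders from the thread, and the AD attribute name sAMAccountName is an assumption about the directory schema.

```unlang
# Added example (not part of the original post). Put this in the
# authorize section of the inner-tunnel virtual server.
authorize {
	# Split "user@realm" into Stripped-User-Name and Realm.
	# %{1} and %{2} are the capture groups. The pattern is anchored
	# and forbids a second "@", so "a@b@mydomain.com" is not split
	# in a surprising way.
	if (User-Name =~ /^([^@]+)@([^@]+)$/) {
		update request {
			Stripped-User-Name := "%{1}"
			Realm := "%{2}"
		}
	}
	else {
		# No realm at all: look the bare name up locally.
		update request {
			Stripped-User-Name := "%{User-Name}"
		}
	}

	# Dispatch on the realm, exactly as in the reply above.
	if (Realm == "mydomain.com") {
		ldap
	}
	elsif (Realm == "mydomain2.com") {
		sql
	}
	else {
		# "other" must exist as a realm in proxy.conf.
		update control {
			Proxy-To-Realm := "other"
		}
	}
}

# In modules/ldap, make the user search use the stripped name,
# falling back to the full User-Name when nothing was stripped
# (sAMAccountName is assumed for AD):
#
#   filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
```

Because the username is a client-controlled string, keep the regex anchored and the LDAP filter built from the captured group only; anything that does not match the pattern should fall through to the proxy or be rejected rather than be searched as-is.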


