FreeRadius + AD + Realms

Matthew P mayday64 at
Sat Jul 3 13:57:37 CEST 2010

Thanks for your help Alan, it really makes a difference when learning about Freeradius configuration.

> So... decode the user-name using a regex.  You can then use that in
> the LDAP configuration.  The LDAP user search is configurable for a
> *reason*.
I forgot to mention that I need the "user" portion of "user at" for sql too.
"user at" only needs to be sent to the home server (in case the user doesn't have "" or ""). In another words, both AD and DB contain usernames, without any realms.
I've been reading, and can't seem to figure out how to make the logic - "take everything before @ as a username". So please help.
In a general regexp language, I guess that could be done with ([\w.-]+)(?=@.*).

> It's an option, but not the only way to do it.
> if (User-Name =~ / {
>    ldap
> }
> elsif (User-Name =~ / {
>    sql
> }
> else {
>    update control {
>       Proxy-To-Realm := "other"
>    }
> }
Works nicely, thanks for this hint.

Hotmail: Trusted email with powerful SPAM protection.

More information about the Freeradius-Users mailing list