FreeRadius + AD + Realms
Matthew P
mayday64 at hotmail.com
Sat Jul 3 13:57:37 CEST 2010
Thanks for your help Alan, it really makes a difference when learning about FreeRADIUS configuration.
> So... decode the user-name using a regex. You can then use that in
> the LDAP configuration. The LDAP user search is configurable for a
> *reason*.
I forgot to mention that I need the "user" portion of "user@mydomain.com" for sql too.
"user@mydomain.com" only needs to be sent to the home server (in case the user doesn't have "@mydomain.com" or "@mydomain2.com"). In other words, both AD and DB contain usernames, without any realms.
I've been reading http://freeradius.org/radiusd/man/unlang.html, and can't seem to figure out how to make the logic - "take everything before @ as a username". So please help.
In a general regexp language, I guess that could be done with ([\w.-]+)(?=@.*).
> It's an option, but not the only way to do it.
>
> if (User-Name =~ /@mydomain.com/) {
>     ldap
> }
> elsif (User-Name =~ /@mydomain2.com/) {
>     sql
> }
> else {
>     update control {
>         Proxy-To-Realm := "other"
>     }
> }
Works nicely, thanks for this hint.
Matthew
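
One way to express "take everything before @ as a username" in unlang, as an added example that is not part of the original message or of the FreeRADIUS distribution. It assumes FreeRADIUS 2.x, where unlang regexes are POSIX extended (so no `\w` and no `(?=...)` lookahead), an AD search on sAMAccountName, and ldap/sql modules set to look up Stripped-User-Name; the realm names are the ones used in the thread.

```unlang
# Added example, not from the original thread: authorize section of the
# virtual server, FreeRADIUS 2.x unlang.
authorize {
    # Anchored match: the capture group is the part before "@", and the
    # realm must be the whole remainder of the name. "[.]" is a literal
    # dot. The unanchored /@mydomain.com/ would also accept names such as
    # "user@mydomain.com.example.net" or "user@mydomainXcom" as local.
    if (User-Name =~ /^([^@]+)@mydomain[.]com$/) {
        update request {
            # %{1} is the first capture group of the last regex match.
            Stripped-User-Name := "%{1}"
        }
        ldap
    }
    elsif (User-Name =~ /^([^@]+)@mydomain2[.]com$/) {
        update request {
            Stripped-User-Name := "%{1}"
        }
        sql
    }
    else {
        # User-Name is left untouched in this branch, so the home server
        # receives the full "user@realm" form.
        update control {
            Proxy-To-Realm := "other"
        }
    }
}

# Assumed module settings so both lookups use the stripped name and fall
# back to User-Name when no realm was removed:
#   ldap module: filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
#   sql module:  sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
```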