FreeRadius + AD + Realms

Matthew P mayday64 at hotmail.com
Sat Jul 3 13:57:37 CEST 2010


Thanks for your help Alan, it really makes a difference when learning about Freeradius configuration.

> So... decode the user-name using a regex.  You can then use that in
> the LDAP configuration.  The LDAP user search is configurable for a
> *reason*.
I forgot to mention that I need the "user" portion of "user at mydomain.com" for sql too.
"user at mydomain.com" only needs to be sent to the home server (in case the user doesn't have "@mydomain.com" or "@mydomain2.com"). In other words, both AD and DB contain usernames, without any realms.
I've been reading http://freeradius.org/radiusd/man/unlang.html, and can't seem to figure out how to make the logic - "take everything before @ as a username". So please help.
In a general regexp language, I guess that could be done with ([\w.-]+)(?=@.*).

> It's an option, but not the only way to do it.
> 
> if (User-Name =~ /@mydomain.com/) {
>    ldap
> }
> elsif (User-Name =~ /@mydomain2.com/) {
>    sql
> }
> else {
>    update control {
>       Proxy-To-Realm := "other"
>    }
> }
Works nicely, thanks for this hint.

Matthew
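
An added example, not part of the original thread: one way to take everything before the "@" in unlang and hand the bare username to ldap and sql, assuming the stock `ldap` and `sql` module names and the realm names used in the post. Anchoring the patterns with `^`/`$` and writing the dot as `[.]` are choices made for this example, and `sAMAccountName` is an assumption about the AD attribute being searched.

```unlang
# Added example, not code from the thread.
# Place in the authorize section of the virtual server.
authorize {
    # ^ and $ tie the match to the whole User-Name, and [.] is a literal
    # dot, so only "<user>@mydomain.com" takes this branch.
    if (User-Name =~ /^([^@]+)@mydomain[.]com$/) {
        update request {
            # %{1} is the first capture group: everything before the "@".
            Stripped-User-Name := "%{1}"
        }
        ldap
    }
    elsif (User-Name =~ /^([^@]+)@mydomain2[.]com$/) {
        update request {
            Stripped-User-Name := "%{1}"
        }
        sql
    }
    else {
        # Stripped-User-Name is not set in this branch, so User-Name
        # is left exactly as it was received.
        update control {
            Proxy-To-Realm := "other"
        }
    }
}

# In the ldap module, search AD by the bare username, falling back to
# User-Name when nothing was stripped:
#   filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
#
# In the sql module's query configuration, the same fallback:
#   sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
```

With these patterns a name that merely contains one of the realm strings, without ending in it, falls through to the proxy branch instead of being looked up locally.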