Removing domain name in freeradius
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Oct 12 18:09:24 CEST 2010
Hi,
> authorize {
> if (User-Name =~ /^(.*)@(.*)/) {
> update request {
> User-Name := "%{1}"
> Realm := "%{2}"
> }
> if (Realm !~ /mydomain\.ox\.ac\.uk/i) {
> # invalid
> reject
> }
> }
> }
beware of blank outerid as per the RFC - ie @mydomain.ox.ac.uk is 100% legit.
you need to ensure that the unlang and regex handles this.
> Which is "better" will depend on exactly what you're trying to do. I use
> the former, but mostly for historical reasons. The latter may be
> somewhat more flexible.
I've moved to the latter because of the flexibility - especially if you have
3rd party realms to deal with that wont be sent off to a default external proxy
farm.
alan
More information about the Freeradius-Users
mailing list