Removing domain name in freeradius

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Tue Oct 12 18:09:24 CEST 2010


Hi,

> authorize {
>     if (User-Name =~ /^(.*)@(.*)/) {
>       update request {
>         User-Name := "%{1}"
>         Realm := "%{2}"
>       }
>       if (Realm !~ /mydomain\.ox\.ac\.uk/i) {
>         # invalid
>         reject
>       }
>     }
> }

beware of blank outerid as per the RFC - ie @mydomain.ox.ac.uk is 100% legit.
you need to ensure that the unlang and regex handles this.


> Which is "better" will depend on exactly what you're trying to do. I use 
> the former, but mostly for historical reasons. The latter may be 
> somewhat more flexible.

I've moved to the latter because of the flexibility - especially if you have 
3rd party realms to deal with that wont be sent off to a default external proxy
farm. 

alan



More information about the Freeradius-Users mailing list