choose proxy based on AD
David McPike
davidmcpike at gmail.com
Wed Sep 29 12:17:57 CEST 2010
Hello All,

We are in the process of migrating users from one AD tree to another.
The migrated accounts will exist in both AD directories for a while
(usernames will not change) and I need to be able to choose a radius
server based on an LDAP group membership. I have this working fine
for cases where users do not supply a realm but I am not sure of the
best way to do this for users that do supply an ntdomain-style realm.
In the new domain, no one requires a realm (need to strip if the user
has already been migrated), while the old domain has several child
domains. I am using FR 2.1.10.

I was not successful trying to change the proxy server after one had
already been chosen. I tried to remove the Realm attribute in the
authorize section but the request still went to the initially chosen
radius pool.

I tried stripping the realm manually prior to realm processing in
authorize {} but have not been successful yet. I am using a simple
regex like this:

    if (User-Name =~ /^[A-z]+\\(.*)/) {
        update request {
            Stripped-User-Name := "%{1}"
        }
    }

This always fails for 'radtest realm\\user'.

Am I missing something or is there a more elegant way to accomplish this?

Thanks very much,
David
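
Added example, not part of the original post and not FreeRADIUS code: a Python model of the routing decision described above, where the ntdomain-style realm is split off and the pool is picked from group membership before any realm-based pool is chosen. The group set, pool names and function names are hypothetical, and the LDAP lookup is replaced by a constructed in-memory set.

```python
import re

# ntdomain-style User-Name is DOMAIN\user. The realm class is spelled out:
# the range [A-z] also covers [ \ ] ^ _ ` because they sit between Z and a.
NTDOMAIN = re.compile(r"^(?P<realm>[A-Za-z0-9.-]+)\\(?P<user>[^\\]+)$")

# Constructed sample data; every name below is hypothetical.
MIGRATED_GROUP = {"alice", "bob"}   # stands in for the LDAP group lookup
NEW_POOL = "new_ad_pool"            # new domain: no realm expected
OLD_DEFAULT_POOL = "old_root_pool"  # old domain, user gave no realm
OLD_CHILD_POOLS = {"CHILD1": "old_child1_pool", "CHILD2": "old_child2_pool"}


def split_user_name(user_name):
    """Return (realm, user); realm is None when no DOMAIN\\ prefix is present."""
    match = NTDOMAIN.match(user_name)
    if match:
        return match.group("realm").upper(), match.group("user")
    if "\\" in user_name:
        # Backslash present but not exactly one DOMAIN\user split: refuse
        # to guess rather than forward an ambiguous identity.
        raise ValueError("malformed ntdomain user name: %r" % user_name)
    return None, user_name


def route(user_name):
    """Pick the pool and the name to send, deciding before any proxying."""
    realm, user = split_user_name(user_name)
    if user.lower() in MIGRATED_GROUP:
        # Migrated account: always the new domain, realm stripped.
        return NEW_POOL, user
    if realm is None:
        return OLD_DEFAULT_POOL, user
    if realm not in OLD_CHILD_POOLS:
        raise ValueError("unknown realm: %r" % realm)
    # Not migrated: old child domain chosen by realm. Keeping the full
    # name for the old domain is an assumption of this example.
    return OLD_CHILD_POOLS[realm], user_name


if __name__ == "__main__":
    for name in ("alice", "CHILD1\\alice", "child2\\carol", "dave"):
        print(name, "->", route(name))
```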