choose proxy based on AD
David McPike
davidmcpike at gmail.com
Wed Sep 29 17:38:38 CEST 2010
Thanks for the suggestion, Alan. I have the regex matching
successfully now. However, I am unclear about how to resolve the next
issue. I have the following configuration in authorize:
if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) {
update request {
Stripped-User-Name := "%{3}"
}
}
ntdomain
It appears that the =~ line updates User-Name, preventing ntdomain
from proxying the request. I tried manually resetting it in the
update block with User-Name := "%{0}" but I am getting the same
results:
rad_recv: Access-Request packet from host 127.0.0.1 port 38669,
id=107, length=62
User-Name = "realm\\user"
User-Password = "xxxxx"
NAS-IP-Address = x.x.x.x
NAS-Port = 0
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++? if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i)
? Evaluating (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) -> TRUE
++? if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) -> TRUE
++- entering if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) {...}
expand: %{0} -> realm\\user
expand: %{3} -> user
+++[request] returns ok
++- if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) returns ok
[ntdomain] No '\' in User-Name = "user", skipping NULL due to config.
++[ntdomain] returns noop
The problem is that if the user has not been migrated to the new
domain I need to retain the supplied realm information and proxy
realm\user to the old radius server.
What else can I do to accomplish this?
Thanks much,
David
On Wed, Sep 29, 2010 at 5:43 AM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> if (User-Name =~ /^[A-z]+\\(.*)/) {
>
>
> not sure of that syntax for regex - char matching is a little more fussy,
> try this
>
> if (User-Name =~ /^[a-z]+\\(.*)/i) {
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list