choose proxy based on AD

David McPike davidmcpike at gmail.com
Wed Sep 29 17:38:38 CEST 2010


Thanks for the suggestion, Alan.  I have the regex matching
successfully now.  However, I am unclear about how to resolve the next
issue.  I have the following configuration in authorize:

        if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) {
                update request {
                        Stripped-User-Name := "%{3}"
                }
        }
        ntdomain

It appears that the =~ line updates User-Name, preventing ntdomain
from proxying the request.  I tried manually resetting it in the
update block with User-Name := "%{0}" but I am getting the same
results:

rad_recv: Access-Request packet from host 127.0.0.1 port 38669, id=107, length=62
        User-Name = "realm\\user"
        User-Password = "xxxxx"
        NAS-IP-Address = x.x.x.x
        NAS-Port = 0
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++? if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i)
? Evaluating (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) -> TRUE
++? if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) -> TRUE
++- entering if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) {...}
        expand: %{0} -> realm\\user
        expand: %{3} -> user
+++[request] returns ok
++- if (User-Name =~ /(^[a-z]+)(\\\\+)([a-z0-9]+$)/i) returns ok
[ntdomain] No '\' in User-Name = "user", skipping NULL due to config.
++[ntdomain] returns noop

The problem is that if the user has not been migrated to the new
domain I need to retain the supplied realm information and proxy
realm\user to the old radius server.

What else can I do to accomplish this?

Thanks much,
David


On Wed, Sep 29, 2010 at 5:43 AM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> if (User-Name =~ /^[A-z]+\\(.*)/) {
>
>
> not sure of that syntax for regex - char matching is a little more fussy,
> try this
>
> if (User-Name =~ /^[a-z]+\\(.*)/i) {
>
>
> alan


