New User and AD Question
Arran Cudbard-Bell
a.cudbardb at gmail.com
Tue Mar 1 02:12:44 CET 2011
>>
>
> That looks like Perl. Perl, I can deal with. I do have multiple domains to attack. If I can come up with something generic that works for at least two domains, I'll post it here. Looks predictable enough. I'm thinking along the lines of something like this:
>
> # BOL, "host", a slash, one or more non-dot characters, a dot,
> # one or more non-whitespace chars, EOL.
> if ( User-Name =~ /^host\/([^\.])+\.(\S+)$/i ) {
> update control {
> Proxy-To-Realm := %{2};
> }
> }
>
> I have two toddlers crawling on me at the moment (literally), so I haven't checked unlang syntax, but from Perl, that's more or less what it would look like. %{1} would contain the host name. Do I need to update the User-Name to just %{1} and/or update other fields related to the realm (domain)?
Yes, that's correct.
If you have multiple realms you may want to use a case statement
> # BOL, "host", a slash, one or more non-dot characters, a dot,
> # one or more non-whitespace chars, EOL.
> if ( User-Name =~ /^host\/([^\.])+\.(\S+)$/i ) {
switch "%{2}" {
case 'my-domain-string-1' {
update control {
Proxy-To-Realm := 'my-domain-1'
}
}
case 'my-domain-string-2' {
update control {
Proxy-To-Realm := 'my-domain-1'
}
}
case 'my-domain-string-3' {
update control {
Proxy-To-Realm := 'my-domain-2'
}
}
case {
# Domain not recognised
}
}
> }
>
> It may be difficult to try this before tomorrow morning, since I'm now off site, but I'll at least work at it until "radiusd -X" is happy with it.
-Arran
More information about the Freeradius-Users
mailing list