New User and AD Question

Alan Buxey A.L.M.Buxey at
Tue Mar 1 11:01:01 CET 2011


> I took this code and modified it, assuming that if the code I wrote before (which tries to use "COL.MISSOURI.EDU" as the realm) doesn't work, I can use the code above to take FOO.MISSOURI.EDU and proxy to the NT domain FOO-USERS, which is more than just massaging the User-Name field.  The switch statement will be necessary to translate the AD domain into the correct NT domain.

this stuff doesnt touch the User-Name - it just looks at it and alters the servers proxy choosing behaviour which
is what makes it useful and powerful.

the language is 'unlang' - its a built in parser in freeradius - making the server very powerful by being able to
actually put coding logic into the config short its brilliant.  'man unlang' for more info

> "radiusd -XC" likes it.  Hopefully, I'll be able to tell if one or both of these schemes works fairly early tomorrow.

I was going to suggest a session of radiusd -X   because in the output you can actually SEE the logic decisions
being made - which really really helps with dealing with false/true hits where you might not expect them..
the old 'why didnt that match?' question gets answered very quickly


More information about the Freeradius-Users mailing list