Strip off the domain part from the User-Name
Robert Roll
Robert.Roll at utah.edu
Sat Mar 26 16:54:56 CET 2011
Thank You ! This is very good information...
I did NOT realize that user at undefinedRealm would NOT
preserve Realm..... That does make a hugh difference...
I did read your other post, and am really NOT adverse to making use of
unlang. I did start to read a little about policy.conf and like the idea of
sort of "subroutines" defined there...
Thanks Much,
Robert
________________________________________
From: freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org [freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org] On Behalf Of Phil Mayers [p.mayers at imperial.ac.uk]
Sent: Saturday, March 26, 2011 4:59 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: Strip off the domain part from the User-Name
On 03/25/2011 09:45 PM, Robert Roll wrote:
>
> Note that in the above the Realm is quite useful, but there is NO need to
> actually do proxy, so really no "REAL" need to get into the proxy.conf ?
This is a good reason to use unlang rather than realm. "realm" is
designed for proxying, always gets it list of realms from "proxy.conf"
and sets the control:Proxy-To-Realm attribute.
You also may not realise that user at undefined realm will set:
Stripped-User-Name = use
Realm = DEFAULT
i.e. the Realm value does *not* preserve the text after the @.
Your original problem (crazy loop) occurred because the DEFAULT realm
you defined in proxy.conf was pointing somewhere else - probably back at
the very same radius server, resulting in an infinite loop.
HTH
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list