"users" defaults move to authorize?
David Aldwinckle
daldwinc at uwaterloo.ca
Tue Oct 13 13:56:27 CEST 2015
Hi List,
Based on a previous thread (hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x)) I've been considering the following...
In 2.x I used the "users" file to direct different types of NAS' to different virtual servers, based on some unique attribute. In 3.0.10, should I be doing this in default/authorize, as Alan instructed below?
Examples:
# uw-unsecured SSID
DEFAULT Aruba-Essid-Name == "uw-unsecured", Proxy-To-Realm := "UW_UNSECURED_REALM"
# NG TEST REALM
DEFAULT Aruba-Essid-Name == "uw-nsd", Proxy-To-Realm := "UW_UNSECURED_REALM"
#VPN
DEFAULT Tunnel-Client-Endpoint == "%{request:Calling-Station-ID}", Proxy-To-Realm := "VPN_REALM"
#CR-VPN
DEFAULT Called-Station-Id == "10.10.10.10", Proxy-To-Realm := "VPN_REALM"
#CN-VPN - OUTSIDE
DEFAULT Called-Station-Id == "10.10.10.11", Proxy-To-Realm := "VPN_REALM"
#802.1x
DEFAULT NAS-Port-Type == Ethernet, Proxy-To-Realm := "LOCAL"
Thanks,
Dave
-----Original Message-----
From: Alan DeKok <aland at deployingradius.com>
Reply-to: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x)
Date: Mon, 12 Oct 2015 08:58:41 -0400
On Oct 12, 2015, at 6:09 AM, Bernd <bernd at kroenchenstadt.de> wrote:
> we're about to move from a freeradius (freeradius-1.1.3-1.6.el5 on CentOS 5) to a HA freeradius (freeradius-3.0.4-6.el7.x86_64 on CentOS 7) environment.
>
> We're almost there, however, I ran into an issue: I have to rewrite an "%" character to "@". My 'hints' file on the old installation did this perfectly well:
>
> DEFAULT User-Name =~ "bla\-bla\/([^%]+)%kroenchenstadt.de"
>     User-Name := "%{1}@kroenchenstadt.de"
Don't use "hints" for that. Just put the configuration into the "authorize" section, in "unlang".
    if (User-Name =~ /bla\-bla\/([^%]+)%kroenchenstadt.de/) {
        update control {
            User-Name := "%{1}@kroenchenstadt.de"
        }
    }
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
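Added example, not part of either message above: one way the "users" entries from Dave's message could be written in unlang inside the authorize section, following the approach in the quoted reply. It assumes a 3.0.x sites-enabled/default virtual server and that the realm names, taken unchanged from the message, are defined in proxy.conf; the if / elsif chain is used because "users" entries without Fall-Through stop at the first match.

```unlang
# sites-enabled/default (FreeRADIUS 3.0.x) -- illustrative fragment only
authorize {
	# Modules that normally run first (preprocess and so on) stay
	# above this block, as in the stock file.

	# uw-unsecured SSID and NG test realm: same realm, so one condition
	if ((&Aruba-Essid-Name == "uw-unsecured") || (&Aruba-Essid-Name == "uw-nsd")) {
		update control {
			Proxy-To-Realm := "UW_UNSECURED_REALM"
		}
	}
	# VPN: tunnel endpoint equals the calling station
	elsif (&Tunnel-Client-Endpoint == "%{Calling-Station-Id}") {
		update control {
			Proxy-To-Realm := "VPN_REALM"
		}
	}
	# CR-VPN and CN-VPN (outside): matched on the concentrator address
	elsif ((&Called-Station-Id == "10.10.10.10") || (&Called-Station-Id == "10.10.10.11")) {
		update control {
			Proxy-To-Realm := "VPN_REALM"
		}
	}
	# 802.1X on wired ports: handled locally, never proxied
	elsif (&NAS-Port-Type == Ethernet) {
		update control {
			Proxy-To-Realm := "LOCAL"
		}
	}

	# Requests that match none of the conditions fall through to the
	# remaining authorize modules with no Proxy-To-Realm set.
}
```

Running the server with `radiusd -X` shows which condition each test request matches and which Proxy-To-Realm value ends up in the control list.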