"users" defaults move to authorize?

David Aldwinckle daldwinc at uwaterloo.ca
Tue Oct 13 13:56:27 CEST 2015

Hi List,

Based on a previous thread (hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x) I've been considering the following...

In 2.x I used the "users" file to direct different types of NAS' to different virtual servers, based on some unique attribute. In 3.0.10, should I be doing this in default/authorize, as Alan instructed below?


# uw-unsecured SSID
DEFAULT Aruba-Essid-Name == "uw-unsecured", Proxy-To-Realm := "UW_UNSECURED_REALM"

DEFAULT Aruba-Essid-Name == "uw-nsd", Proxy-To-Realm := "UW_UNSECURED_REALM"

DEFAULT Tunnel-Client-Endpoint == "%{request:Calling-Station-ID}", Proxy-To-Realm := "VPN_REALM"

DEFAULT Called-Station-Id == "", Proxy-To-Realm := "VPN_REALM"

DEFAULT Called-Station-Id == "", Proxy-To-Realm := "VPN_REALM"

DEFAULT NAS-Port-Type == Ethernet, Proxy-To-Realm := "LOCAL"


-----Original Message-----
From: Alan DeKok <aland at deployingradius.com<mailto:Alan%20DeKok%20%3caland at deployingradius.com%3e>>
Reply-to: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org<mailto:FreeRadius%20users%20mailing%20list%20%3cfreeradius-users at lists.freeradius.org%3e>>
Subject: Re: hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x)
Date: Mon, 12 Oct 2015 08:58:41 -0400

On Oct 12, 2015, at 6:09 AM, Bernd <bernd at kroenchenstadt.de<mailto:bernd at kroenchenstadt.de>> wrote:
> we're about to move from a freeradius (freeradius-1.1.3-1.6.el5 on CentOS 5) to a HA freeradius (freeradius-3.0.4-6.el7.x86_64 on CentOS 7) environment.
> We're almost there, however, I ran into an issue: I have to rewrite an "%" character to "@". My 'hints' file on the old installation did this perfectly well:
> DEFAULT User-Name =~ "bla\-bla\/([^%]+)%kroenchenstadt.de"
>        User-Name := "%{1}@kroenchenstadt.de<mailto:%{1}@kroenchenstadt.de>"

  Don't use "hints" for that.  Just put the configuration into the "authorize" section, in "unlang".

        if (User-Name =~ /bla\-bla\/([^%]+)%kroenchenstadt.de/) {
                update control {
                        User-Name := "%{1}@kroenchenstadt.de<mailto:%{1}@kroenchenstadt.de>"

  Alan DeKok.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list