Routing new RFC7542-style realms
Stefan Paetow
Stefan.Paetow at jisc.ac.uk
Sun Oct 2 20:55:22 CEST 2016
> No, I mean *all* of the logic has to be in unlang. Don't use the realm
>module at all.
Hmmm, to follow up on this... I've gotten it to route correctly, but on
the ultimate destination (i.e. at "realhome.realm"), I now get a message
saying that the EAP Identity does not match User-Name, which then
subsequently leads to failure. It's not quite unexpected since EAP keeps
track of what User-Name *should* be.
Well, the final bit that I came up with (using suffix) was this:
if (&User-Name =~ /([a-zA-Z0-9\-.]+)!(.+)/) {
update control {
Tmp-String-1 := "%{1}"
Tmp-String-2 = &User-Name
}
if ("%{2}" =~ /([a-zA-Z0-9\-.]*)@(.+)/) {
update request {
User-Name := "%{1}@%{control:Tmp-String-1}"
}
}
}
suffix {
updated = 1
noop = reject
}
if (&control:Tmp-String-2) {
update request {
User-Name := &control:Tmp-String-2
}
update control {
Tmp-String-1 !* ANY
Tmp-String-2 !* ANY
}
}
It works on both the sending as well as the receiving end. :-)
With Regards
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT
No. GB 197 0632 86. JiscĀ¹s registered office is: One Castlepark, Tower
Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
More information about the Freeradius-Users
mailing list