Freeradius proxy.conf login based
Alan DeKok
aland at deployingradius.com
Sun Jul 14 10:28:04 CEST 2019
On Jul 14, 2019, at 9:27 AM, Olivier CALVANO <o.calvano at gmail.com> wrote:
>
> Actually i use proxy.conf for forward auth-request to the good radius
> server:
>
> realm "~(myrealm.realm)" {
That's treated as a regular expression.
> auth_pool = pool-auth.myrealm.realm
> acct_pool = pool-acct.myrealm.realm
> nostrip
> }
>
> login at myrealm.realm work's very good.
That's good but you don't need to match a regular expression like this. You can just match the string.
> but for one supplier, i want forward based on login, sample:
>
> realm "MSP-*@OTHER" {
> auth_pool = pool-auth.myrealm.realm
> acct_pool = pool-acct.myrealm.realm
> nostrip
> }
>
>
> it's possible ? i think's that i don't have the good synthaxe of realm
> because that's don't work
The "realm" is the *domain name* portion of the User-Name. You can't match *all* of the User-Name in a "realm" block.
What you can do is this:
realm OTHER {
auth_pool = pool-auth.myrealm.realm
acct_pool = pool-acct.myrealm.realm
nostrip
}
And then in the "authorize" section, do:
if (User-Name =~ /^MSP-.*@OTHER/) {
update control {
Proxy-To-Realm := "OTHER"
}
}
else {
suffix # do normal realm matching
}
Alan DeKok.
More information about the Freeradius-Users
mailing list