On 26.03.2013 13:50, John Horne wrote: > Hello, > > Using Freeradius 2.1.10 I have been trying to see if I can proxy a > request to a remote server but using a different User-Name attribute > based on the original request User-Name attribute. > > For example so that: > Request 'j.blo...@plymouth.ac.uk' gets proxied to remote server with > User-Name="j.blo...@plymouth.ac.uk" in the proxy request. > Request 'jblo...@plymouth.ac.uk' gets proxied to the same remote server > but uses the User-Name="jbloggs" attribute (so no realm) in the proxy > request. > > So basically if a username contains a dot, then proxy on the whole thing > (username and realm). But if the username does not contain a dot, then > only proxy on the username, no realm. > > I have been trying in the authorize section to use: > > ========================= > if (Realm !~ /^(NULL|DEFAULT|LOCAL)$/) { > if (User-Name =~ /^([^.]+)@/) { > update control { > Proxy-To-Realm := NULL > } > } > } > ========================= > > The NULL realm will 'strip' the username, and proxy the request to the > remote server. However, testing shows that the User-Name being sent is > the original one still with the realm:
If the NULL realm is set to strip, then the stripped user name will be stored in the attribute "Stripped-User-Name". User-Name will remain untouched. After your update control, you can do : update request { User-Name := %{Stripped-User-Name:-%{User-Name}} } You could also use the preproxy_users which allow you to rewrite the request before it is proxied. It contains the exact example for your case. Olivier -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html