I would like to use attr_rewrite with a conditional associated with it.  I
was hoping maybe someone has done this before or may have an idea on an
alternate solution.


For example, say I now have the following:
        attr_rewrite nodomain {
                attribute = Realm
                searchin = packet
                searchfor = "NULL"
                replacewith = "domain1.com"
                ignore_case = yes
                new_attribute = no
                max_matches = 10
                append = no
        }

That would mean that if any user comes in with the username and without
@realm attached to it, then it would pick up the NULL realm value and then
rewrite that to domain1.com.

Now, what I want to do is make it change the realm that is added based on
an attribute that comes in.  So maybe something like:

if (NAS-IP-Address = 10.0.0.0)
then

        attr_rewrite nodomain {
                attribute = Realm
                searchin = packet
                searchfor = "NULL"
                replacewith = "domain1.com"
                ignore_case = yes
                new_attribute = no
                max_matches = 10
                append = no
        }

and if NAS-IP-Address = 10.0.0.1
then

        attr_rewrite nodomain {
                attribute = Realm
                searchin = packet
                searchfor = "NULL"
                replacewith = "domain2.com"
                ignore_case = yes
                new_attribute = no
                max_matches = 10
                append = no
        }

That way, depending on the NAS that comes in, the correct Realm is added.
I don't think you can do that now. Does anyone have any ideas on an
alternate solution?

--------------

Now here is my problem.  The username comes in now as either user or
[EMAIL PROTECTED]  We want to add a realm domain2.com to the mix.
However, marketing doesn't want to force users to type in @domain2.com
with their username.  So we need to have the realm automatically put in
there based on the NAS-IP it comes from.

Another reason is because if we have a user now that is [EMAIL PROTECTED],
we also want to be able to have another user named [EMAIL PROTECTED]
That way they can have the same username, but be part of a different
realm, all while not forcing the users to add @realm to the end.  The good
news is that users coming from a particular NAS will only be associated
with one of the realms.

Thanks for your help and any ideas are welcome as crazy as they may be.

Dustin Doris
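
One way to get the per-NAS realm asked for in the message above, as an added example that is not part of the original post or the FreeRADIUS distribution. It assumes a FreeRADIUS release that has the unlang policy language (2.0 or later), which the post does not mention, and it appends the realm to User-Name ahead of the `suffix` realm module instead of using attr_rewrite.

```conf
# Added example (assumption: FreeRADIUS 2.0 or later, unlang available).
# Goes in the authorize section of the virtual server, before the
# "suffix" realm module, so that module parses the rewritten User-Name.
authorize {
        preprocess

        # Only touch usernames that arrive without an @realm part.
        if (User-Name !~ /@/) {
                if (NAS-IP-Address == 10.0.0.0) {
                        update request {
                                User-Name := "%{User-Name}@domain1.com"
                        }
                }
                elsif (NAS-IP-Address == 10.0.0.1) {
                        update request {
                                User-Name := "%{User-Name}@domain2.com"
                        }
                }
                # Any other NAS: leave User-Name alone, so the request
                # still falls into the NULL realm as it does today.
        }

        suffix
        # remaining authorize modules unchanged
}
```

NAS-IP-Address is a value the NAS itself places in the packet, and with this policy it decides which account a bare username maps to, so the addresses matched here should be NASes that are defined as clients of the server.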

