Ok I am trying to re-write any username that does not have an @ symbol to be something
new.
Here is my radiusd.conf file and my preproxy_users file.
So in my test case username 'blah' would be re-written to be '[EMAIL PROTECTED]'
There are very few examples in the preproxy file, and even fewer in the
documentation or in the archives for this list, so I was hoping that someone else has
used this in the past. If so, how did you get it to work?
Running the server in debug mode does not show any errors or info lines related to the
preproxy file other than it being loaded by the server at startup.
We are testing by using the radtest tool which we have verified is working with our
current configuration.
The problem is that the username simply never gets re-written.
Thanks in advance..
-Kent
---preproxy_users---
# Entry format is the same as the users file: a check line, then a reply line.
# Check line: DEFAULT applies to every request; `!~` is the regex non-match
# operator, so this entry matches when User-Name contains no "@".
# Reply line: `:=` replaces the attribute value. The replacement value was
# redacted by the list archive ("[EMAIL PROTECTED]"). The users-file format
# requires the reply line to be indented; the indent is not visible here,
# presumably lost in the mail archive.
# NOTE(review): this file is only evaluated if the files module is listed in a
# pre-proxy section of radiusd.conf, and that stage runs only for requests that
# have already been selected for proxying. A name with no "@" would not match
# the "suffix" realm module, so it may never reach this stage. Confirm with
# debug output. Rewriting before realm matching (during authorize) is
# presumably what is needed.
DEFAULT User-Name !~ "@"
User-Name := [EMAIL PROTECTED]
---radiusd.conf---
# Global server settings: install paths, runtime identity, request limits,
# listener, and logging behaviour.

# Path variables; later entries are built from earlier ones via ${...}.
prefix = /opt/freeradius
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Unprivileged account the daemon runs as. The log, accounting and run
# directories above must be writable by it, and raddb (which holds shared
# secrets) should be readable by it but not by other local users.
user = radius
group = radius
# Per-request limits (seconds / request count).
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every local address. If the host has interfaces that no NAS
# or proxy peer uses, binding to a specific address narrows exposure.
bind_address = *
# 0 = take the port from the system services database rather than fixing it here.
port = 0
hostname_lookups = no
# Core dumps stay off: a dump of this process could contain user passwords
# and shared secrets.
allow_core_dumps = no
# Regex operators (=~ and !~) in users-style files depend on these.
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# Authentication results are not written to radius.log, so there is no
# accept/reject audit trail outside debug mode. The two *pass options keep
# passwords out of the log and should stay "no" even if log_auth is enabled.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# No case-folding or whitespace stripping is applied to names or passwords.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
# External helper used for simultaneous-use checks against the NAS.
checkrad = ${sbindir}/checkrad
# Packet-level hardening knobs.
security {
# Upper bound on attributes accepted in one request; caps the memory and
# parsing cost of an oversized packet.
max_attributes = 200
# Seconds to hold an Access-Reject before sending it; slows password guessing.
reject_delay = 1
# Status-Server requests are not answered.
status_server = no
}
# Proxying is enabled; realms and home servers come from proxy.conf.
# NOTE(review): the listing that follows defines no pre-proxy (or post-proxy)
# section, so nothing in this file asks any module to act on a request just
# before it is proxied. That is presumably why preproxy_users is loaded but
# never applied. Confirm against the sample radiusd.conf shipped with the
# installed version.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# clients.conf holds the per-NAS shared secrets; keep it readable only by the
# server account.
$INCLUDE ${confdir}/clients.conf
$INCLUDE ${confdir}/snmp.conf
# Worker-thread sizing for request handling.
thread pool {
start_servers = 5
# Hard ceiling on worker threads; bounds resource use under a request flood.
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
# 0 = threads are never recycled after a fixed number of requests.
max_requests_per_server = 0
}
# Module instance definitions. Defining an instance here does not use it; only
# instances named in authorize/authenticate/preacct/accounting/session (or
# other processing sections) are run.
modules {
# PAP: the stored password is expected to be a crypt() hash.
pap {
encryption_scheme = crypt
}
pam {
pam_auth = radiusd
}
unix {
cache = no
cache_reload = 600
radwtmp = ${logdir}/radwtmp
}
# EAP with only the MD5 method defined.
eap {
md5 {
}
}
mschap {
authtype = MS-CHAP
}
# LDAP lookup. Placeholder server/basedn values; not referenced by any
# processing section in this listing.
# NOTE(review): start_tls and tls_mode are both "no", so if this instance is
# ever enabled, binds and searches travel unencrypted.
# NOTE(review): the filter interpolates the user name from the request;
# confirm that this version escapes LDAP filter metacharacters.
ldap {
server = "ldap.your.domain"
basedn = "o=My Org,c=UA"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
tls_mode = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
# Realm parsers. "suffix" handles user@realm and is the only one of the three
# that the processing sections in this listing reference. A User-Name with no
# "@" carries no realm for it to match.
realm suffix {
format = suffix
delimiter = "@"
}
realm realmslash {
format = prefix
delimiter = "/"
}
realm realmpercent {
format = suffix
delimiter = "%"
}
# Request clean-up plus the hints and huntgroups files; all vendor
# work-arounds are off.
# NOTE(review): hints is evaluated during authorize, before realm matching,
# and can presumably rewrite a bare User-Name there; verify for this version.
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# users-file lookups. Only usersfile and acctusersfile are set; no
# preproxy_usersfile appears here. The poster reports preproxy_users being
# loaded at startup, so the module presumably falls back to a built-in default
# path. TODO confirm.
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
# Per-client accounting detail files, readable by the owner only.
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
# NOTE(review): the key string below is split across two lines, probably by
# mail line-wrapping; check that the real file has it on one line.
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port-Id"
}
# sql.conf normally carries database credentials; restrict its file permissions.
$INCLUDE ${confdir}/sql.conf
# Session database with caller ID recorded; owner-only (0600).
radutmp {
filename = ${logdir}/radutmp
perm = 0600
callerid = "yes"
}
# World-readable (0644) copy of the session database with caller ID omitted.
# It still exposes user names and session data to every local account.
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
# Daily per-user session-time counter; not referenced by any processing section
# in this listing.
counter {
filename = ${raddbdir}/db.counter
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
# Fixed-result instances, useful for testing fail-over and policy paths.
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
}
# Modules to load at startup even though no processing section names them.
instantiate {
expr
}
# Authorization stage; modules run in the order listed.
# preprocess (hints/huntgroups) runs first, then mschap, then the "@" realm
# match, then the users file. A User-Name rewrite has to happen before "suffix"
# if the rewritten realm is meant to drive the proxy decision.
authorize {
preprocess
mschap
suffix
files
}
# Authentication stage: one handler per Auth-Type, plus the bare "unix" entry.
authenticate {
authtype PAP {
pap
}
authtype MS-CHAP {
mschap
}
unix
}
# Accounting pre-processing: clean-up, "@" realm match, then the files module
# (presumably its acct_users file; TODO confirm).
preacct {
preprocess
suffix
files
}
# Accounting stage: unique session id, detail file, wtmp-style log, and the
# session database.
# NOTE(review): sradutmp is defined under modules but not listed here, so the
# world-readable copy is presumably not being written.
accounting {
acct_unique
detail
unix # wtmp file
radutmp
}
# Session lookups (e.g. simultaneous-use checks) read the radutmp database.
session {
radutmp
}
# Post-authentication stage; nothing is active because the only entry is
# commented out.
post-auth {
# Get an address from the IP Pool.
#main_pool
}
-----Original Message-----
From: Gene Parks [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 7:25 PM
To: [EMAIL PROTECTED]
Subject: RE: Preproxy help?
Can you tell us exactly what it is you are looking to do? It would help
us in pointing you in the right direction.
Gene
-----Original Message-----
From: Kent Holloway [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 6:02 PM
To: [EMAIL PROTECTED]
Subject: Preproxy help?
I have searched the archives and there is very little info on the
preproxy stuff in Radius.
Does anyone have some working example configs, or maybe a little more
in-depth info about it?
Thanks in advance.
P.S. We are using freeradius 0.8.1
-Kent