Just curious, I noticed that you are trying to add a realm to the username and then stripping it back off to do the search. Can you tell me the point? Are you proxying to different servers based on realm?
Gene

-----Original Message-----
From: Kent Holloway [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: Preproxy help?

Ok I am trying to re-write any username that does not have an @ symbol to be something new. Here is my radiusd.conf file and my preproxy_users file. So in my test case username 'blah' would be re-written to be '[EMAIL PROTECTED]'

There is very little for examples in the preproxy file and there is even less in the documentation or in the archives for this list so I was hoping that someone else had used this in the past and if so how did you get it to work?

Running the server in debug mode does not show any errors or info lines related to the preproxy file other than it being loaded by the server at startup. We are testing by using the radtest tool which we have verified is working with our current configuration. The problem is that the username simply never gets re-written.

Thanks in advance..

-Kent

---preproxy_users---
DEFAULT User-Name !~ "@"
    User-Name := [EMAIL PROTECTED]

---radiusd.conf---
prefix = /opt/freeradius
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
user = radius
group = radius
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}

proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
$INCLUDE ${confdir}/snmp.conf

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {
    pap {
        encryption_scheme = crypt
    }
    pam {
        pam_auth = radiusd
    }
    unix {
        cache = no
        cache_reload = 600
        radwtmp = ${logdir}/radwtmp
    }
    eap {
        md5 {
        }
    }
    mschap {
        authtype = MS-CHAP
    }
    ldap {
        server = "ldap.your.domain"
        basedn = "o=My Org,c=UA"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        tls_mode = no
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }
    realm suffix {
        format = suffix
        delimiter = "@"
    }
    realm realmslash {
        format = prefix
        delimiter = "/"
    }
    realm realmpercent {
        format = suffix
        delimiter = "%"
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
    }
    $INCLUDE ${confdir}/sql.conf
    radutmp {
        filename = ${logdir}/radutmp
        perm = 0600
        callerid = "yes"
    }
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }
    attr_filter {
        attrsfile = ${confdir}/attrs
    }
    counter {
        filename = ${raddbdir}/db.counter
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }
    expr {
    }
}

instantiate {
    expr
}

authorize {
    preprocess
    mschap
    suffix
    files
}

authenticate {
    authtype PAP {
        pap
    }
    authtype MS-CHAP {
        mschap
    }
    unix
}

preacct {
    preprocess
    suffix
    files
}

accounting {
    acct_unique
    detail
    unix        # wtmp file
    radutmp
}

session {
    radutmp
}

post-auth {
    # Get an address from the IP Pool.
    #main_pool
}

-----Original Message-----
From: Gene Parks [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 7:25 PM
To: [EMAIL PROTECTED]
Subject: RE: Preproxy help?

Can you tell us exactly what it is you are looking to do? It would help us in pointing you in the right direction.

Gene

-----Original Message-----
From: Kent Holloway [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 6:02 PM
To: [EMAIL PROTECTED]
Subject: Preproxy help?

I have searched the archives and there is very little info on the preproxy stuff in Radius. Does anyone have some working example configs or maybe a little more in depth info about it? Thanks in advance.

P.S. We are using freeradius 0.8.1

-Kent

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
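
Added example (not part of the original thread and not FreeRADIUS code): a small Python model of the flow Gene asks about, where a realm is appended by the preproxy_users rule and then stripped again by `realm suffix` before the LDAP filter `(uid=%{Stripped-User-Name:-%{User-Name}})` is expanded. All function names are hypothetical, `example.invalid` is a placeholder because the real realm is redacted on the page, and the model assumes the suffix split happens at the last delimiter and always yields a Stripped-User-Name.

```python
import re

DELIMITER = "@"                    # from: realm suffix { delimiter = "@" }
DEFAULT_REALM = "example.invalid"  # placeholder; the realm is redacted in the thread


def rewrite_username(user_name, default_realm=DEFAULT_REALM):
    """Model of the posted rule: DEFAULT User-Name !~ "@" -> User-Name := user@realm."""
    if re.search(DELIMITER, user_name):
        return user_name           # the !~ "@" check fails, so the rule does not apply
    return f"{user_name}{DELIMITER}{default_realm}"


def split_suffix_realm(user_name):
    """Model of format = suffix: split at the last delimiter (assumption)."""
    attrs = {"User-Name": user_name}
    local, sep, realm = user_name.rpartition(DELIMITER)
    if sep and local and realm:
        attrs["Stripped-User-Name"] = local
        attrs["Realm"] = realm
    return attrs


def ldap_filter(attrs):
    """Expand (uid=%{Stripped-User-Name:-%{User-Name}}); value escaping is not modelled."""
    uid = attrs.get("Stripped-User-Name") or attrs["User-Name"]
    return f"(uid={uid})"


def trace(user_name):
    """Compare the LDAP filter and realm with and without the rewrite."""
    before = split_suffix_realm(user_name)
    after = split_suffix_realm(rewrite_username(user_name))
    return {
        "filter_before": ldap_filter(before),
        "filter_after": ldap_filter(after),
        "realm_before": before.get("Realm"),
        "realm_after": after.get("Realm"),
    }


if __name__ == "__main__":
    # Constructed sample usernames, including the thread's test case 'blah'.
    for name in ("blah", "kent@isp.example"):
        print(name, trace(name))
```

In this model the LDAP lookup is identical with or without the rewrite; the only attribute that changes for 'blah' is the realm, which is what a proxy decision would key on.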
