Heya,
I recently went through the same.
I found the following worked best in our situation; it may or may not work
for you.
I use the rewrite facility to append the realm for any username that does
not have an "@" in the name.
#Note that there is what appears to be a bug in the REGEXP.
#If the "$" is the last character in the regexp, it seems to get dropped
#(Check the FreeRadius debug screen).
#So you need to append something after the $ to make sure it isn't the last
#character.
#I use .? (0 or more of any char) which seems to do the trick. Using two "$"
#was also recommended.
modules {
    <...>
    attr_rewrite add_realm {
        attribute = User-Name
        searchin = packet
        searchfor = "[EMAIL PROTECTED]"
        replacewith = "@myrealm"
        ignore_case = yes
        new_attribute = no
        max_matches = 1
        #The append saves having to get hectic in the replacewith
        #string (eg replacewith [EMAIL PROTECTED])
        append = yes
    }
    <...>
}
authorize {
    add_realm
    preprocess
    <...>
}
preacct {
    add_realm
    preprocess
    <..>
}
HTH
-Rob
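
Added example, not part of the original post or of FreeRADIUS: a small Python model of the add_realm rewrite described above, run over constructed usernames to show which ones get "@myrealm" appended. The archive has redacted the real searchfor value, so the pattern used here is an assumption; the "/" and "%" delimiters come from the realm modules in the quoted radiusd.conf further down.

```python
import re

# Assumption: the real searchfor value is redacted in the archive. This stand-in
# means "a User-Name with no '@'" and keeps the trailing ".?" workaround; after
# "$" the ".?" can only match the empty string, so it does not change matching.
SEARCHFOR = re.compile(r"^[^@]+$.?", re.IGNORECASE)  # ignore_case = yes
REALM = "@myrealm"                                   # replacewith from the post

# Delimiters of the other realm modules in the quoted radiusd.conf
# (realmslash uses "/", realmpercent uses "%").
OTHER_DELIMS = ("/", "%")


def add_realm(user_name):
    """Model of the add_realm instance: append REALM when SEARCHFOR matches."""
    if SEARCHFOR.search(user_name):
        return user_name + REALM  # append = yes, max_matches = 1
    return user_name


def audit(names):
    """Return (original, rewritten, note) rows to review before deployment."""
    rows = []
    for name in names:
        new = add_realm(name)
        if new == name:
            note = "unchanged"
        elif any(d in name for d in OTHER_DELIMS):
            note = "rewritten, but already carries a / or % realm"
        else:
            note = "rewritten"
        rows.append((name, new, note))
    return rows


# Constructed sample usernames, not taken from the thread.
SAMPLES = ["blah", "blah@other", "DOMAIN/blah", "blah%isp", "blah@", ""]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print("%-14r -> %-24r %s" % row)
```

Names that already carry a "/" or "%" realm still match a no-"@" pattern and get the default realm appended, so check them against the proxy realm definitions before relying on the rewrite.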
----- Original Message -----
From: "Kent Holloway" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 11, 2003 4:54 PM
Subject: RE: Preproxy help?
Ok I am trying to re-write any username that does not have an @ symbol to be
something new.
Here is my radiusd.conf file and my preproxy_users file.
So in my test case username 'blah' would be re-written to be
'[EMAIL PROTECTED]'
There is very little for examples in the preproxy file and there is even
less in the documentation or in the archives for this list so I was hoping
that someone else had used this in the past and if so how did you get it to
work?
Running the server in debug mode does not show any errors or info lines
related to the preproxy file other than it being loaded by the server at
startup.
We are testing by using the radtest tool which we have verified is working
with our current configuration.
The problem is that the username simply never gets re-written.
Thanks in advance..
-Kent
---preproxy_users---
DEFAULT User-Name !~ "@"
        User-Name := [EMAIL PROTECTED]
---radiusd.conf---
prefix = /opt/freeradius
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
user = radius
group = radius
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
$INCLUDE ${confdir}/snmp.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    pap {
        encryption_scheme = crypt
    }
    pam {
        pam_auth = radiusd
    }
    unix {
        cache = no
        cache_reload = 600
        radwtmp = ${logdir}/radwtmp
    }
    eap {
        md5 {
        }
    }
    mschap {
        authtype = MS-CHAP
    }
    ldap {
        server = "ldap.your.domain"
        basedn = "o=My Org,c=UA"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        tls_mode = no
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }
    realm suffix {
        format = suffix
        delimiter = "@"
    }
    realm realmslash {
        format = prefix
        delimiter = "/"
    }
    realm realmpercent {
        format = suffix
        delimiter = "%"
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
    }
    $INCLUDE ${confdir}/sql.conf
    radutmp {
        filename = ${logdir}/radutmp
        perm = 0600
        callerid = "yes"
    }
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }
    attr_filter {
        attrsfile = ${confdir}/attrs
    }
    counter {
        filename = ${raddbdir}/db.counter
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }
    expr {
    }
}
instantiate {
    expr
}
authorize {
    preprocess
    mschap
    suffix
    files
}
authenticate {
    authtype PAP {
        pap
    }
    authtype MS-CHAP {
        mschap
    }
    unix
}
preacct {
    preprocess
    suffix
    files
}
accounting {
    acct_unique
    detail
    unix # wtmp file
    radutmp
}
session {
    radutmp
}
post-auth {
    # Get an address from the IP Pool.
    #main_pool
}
-----Original Message-----
From: Gene Parks [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 7:25 PM
To: [EMAIL PROTECTED]
Subject: RE: Preproxy help?
Can you tell us exactly what it is you are looking to do? It would help
us in pointing you in the right direction.
Gene
-----Original Message-----
From: Kent Holloway [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 6:02 PM
To: [EMAIL PROTECTED]
Subject: Preproxy help?
I have searched the archives and there is very little info on the
preproxy stuff in Radius.
Does anyone have some working example configs or maybe a little more in
depth info about it?
Thanks in advance.
P.S. We are using freeradius 0.8.1
-Kent
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html