Did you let anyone know about this bug? Sounds like it needs to be fixed to
me...
Peter
On Sat July 12 2003 18:36, Rob Hartzenberg wrote:
> Heya,
>
> I recently went through the same.
> I found the following worked best in our situation; it may or may not work
> for you.
> I use the rewrite facility to append the realm for any username that does
> not have an "@" in the name.
>
> #Note that there is what appears to be a bug in the REGEXP.
> #If the "$" is the last character in the regexp, it seems to get dropped (Check the FreeRadius debug screen).
> #So you need to append something after the $ to make sure it isn't the last character.
> #I use .? (0 or more of any char) which seems to do the trick. Using two "$" was also recommended.
>
> modules {
>     <...>
>     attr_rewrite add_realm {
>         attribute = User-Name
>         searchin = packet
>         searchfor = "[EMAIL PROTECTED]"
>         replacewith = "@myrealm"
>         ignore_case = yes
>         new_attribute = no
>         max_matches = 1
>         #The append saves having to get hectic in the replacewith string (eg replacewith [EMAIL PROTECTED])
>         append = yes
>     }
>     <...>
> }
>
> authorize {
>     add_realm
>     preprocess
>     <...>
> }
>
> preacct {
>     add_realm
>     preprocess
>     <..>
> }
>
> HTH
> -Rob
>
> ----- Original Message -----
> From: "Kent Holloway" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 11, 2003 4:54 PM
> Subject: RE: Preproxy help?
>
>
> Ok I am trying to re-write any username that does not have an @ symbol to
> be something new.
> Here is my radiusd.conf file and my preproxy_users file.
> So in my test case username 'blah' would be re-written to be
> '[EMAIL PROTECTED]'
>
> There is very little for examples in the preproxy file and there is even
> less in the documentation or in the archives for this list so I was hoping
> that someone else had used this in the past and if so how did you get it to
> work?
>
> Running the server in debug mode does not show any errors or info lines
> related to the preproxy file other than it being loaded by the server at
> startup.
>
> We are testing by using the radtest tool which we have verified is working
> with our current configuration.
> The problem is that the username simply never gets re-written.
>
> Thanks in advance..
>
> -Kent
>
> ---preproxy_users---
> DEFAULT User-Name !~ "@"
>     User-Name := [EMAIL PROTECTED]
>
> ---radiusd.conf---
> prefix = /opt/freeradius
> exec_prefix = ${prefix}
> sysconfdir = ${prefix}/etc
> localstatedir = ${prefix}/var
> sbindir = ${exec_prefix}/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = ${exec_prefix}/lib
> pidfile = ${run_dir}/radiusd.pid
> user = radius
> group = radius
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions = yes
> log_stripped_names = no
> log_auth = no
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
>     max_attributes = 200
>     reject_delay = 1
>     status_server = no
> }
> proxy_requests = yes
> $INCLUDE ${confdir}/proxy.conf
> $INCLUDE ${confdir}/clients.conf
> $INCLUDE ${confdir}/snmp.conf
> thread pool {
>     start_servers = 5
>     max_servers = 32
>     min_spare_servers = 3
>     max_spare_servers = 10
>     max_requests_per_server = 0
> }
>
> modules {
>     pap {
>         encryption_scheme = crypt
>     }
>     pam {
>         pam_auth = radiusd
>     }
>     unix {
>         cache = no
>         cache_reload = 600
>         radwtmp = ${logdir}/radwtmp
>     }
>     eap {
>         md5 {
>         }
>     }
>     mschap {
>         authtype = MS-CHAP
>     }
>     ldap {
>         server = "ldap.your.domain"
>         basedn = "o=My Org,c=UA"
>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>         start_tls = no
>         tls_mode = no
>         access_attr = "dialupAccess"
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
>     realm suffix {
>         format = suffix
>         delimiter = "@"
>     }
>     realm realmslash {
>         format = prefix
>         delimiter = "/"
>     }
>     realm realmpercent {
>         format = suffix
>         delimiter = "%"
>     }
>     preprocess {
>         huntgroups = ${confdir}/huntgroups
>         hints = ${confdir}/hints
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>     }
>     files {
>         usersfile = ${confdir}/users
>         acctusersfile = ${confdir}/acct_users
>         compat = no
>     }
>
>     detail {
>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>         detailperm = 0600
>     }
>
>     acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
>     }
>     $INCLUDE ${confdir}/sql.conf
>     radutmp {
>         filename = ${logdir}/radutmp
>         perm = 0600
>         callerid = "yes"
>     }
>
>     radutmp sradutmp {
>         filename = ${logdir}/sradutmp
>         perm = 0644
>         callerid = "no"
>     }
>
>     attr_filter {
>         attrsfile = ${confdir}/attrs
>     }
>     counter {
>         filename = ${raddbdir}/db.counter
>         key = User-Name
>         count-attribute = Acct-Session-Time
>         reset = daily
>         counter-name = Daily-Session-Time
>         check-name = Max-Daily-Session
>         allowed-servicetype = Framed-User
>         cache-size = 5000
>     }
>
>     always fail {
>         rcode = fail
>     }
>     always reject {
>         rcode = reject
>     }
>     always ok {
>         rcode = ok
>         simulcount = 0
>         mpp = no
>     }
>
>     expr {
>     }
> }
>
> instantiate {
>     expr
> }
>
> authorize {
>     preprocess
>     mschap
>     suffix
>     files
> }
>
> authenticate {
>     authtype PAP {
>         pap
>     }
>     authtype MS-CHAP {
>         mschap
>     }
>     unix
> }
> preacct {
>     preprocess
>     suffix
>     files
> }
>
> accounting {
>     acct_unique
>     detail
>     unix # wtmp file
>     radutmp
> }
>
> session {
>     radutmp
> }
>
> post-auth {
>     # Get an address from the IP Pool.
>     #main_pool
> }
>
> -----Original Message-----
> From: Gene Parks [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 7:25 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Preproxy help?
>
>
> Can you tell us exactly what it is you are looking to do? It would help
> us in pointing you in the right direction.
>
> Gene
>
> -----Original Message-----
> From: Kent Holloway [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 6:02 PM
> To: [EMAIL PROTECTED]
> Subject: Preproxy help?
>
>
> I have searched the archives and there is very little info on the
> preproxy stuff in Radius.
>
> Does anyone have some working example configs or maybe a little more in
> depth info about it?
>
> Thanks in advance.
>
> P.S. We are using freeradius 0.8.1
>
> -Kent
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
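
Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the append-style rewrite Rob describes, showing what a dropped trailing `$` does to usernames that already carry a realm. The search pattern `^[^@]+$` is an assumption (the archive redacted the one in the post), the function names are hypothetical, and the "trailing `$` is lost" behaviour is modelled only as Rob reports it.

```python
import re

# Assumed pattern: the archive redacted the searchfor value in the post.
SEARCHFOR = r"^[^@]+$"      # whole User-Name contains no "@"
REPLACEWITH = "@myrealm"    # value from the posted add_realm block

def rewrite_append(user_name, searchfor, replacewith=REPLACEWITH):
    """Simplified model of append = yes with ignore_case = yes:
    if searchfor matches, replacewith is added to the end of the value."""
    if re.search(searchfor, user_name, re.IGNORECASE):
        return user_name + replacewith
    return user_name

def as_parsed_with_bug(searchfor):
    """Model the reported behaviour: a '$' that is the last character is lost."""
    return searchfor[:-1] if searchfor.endswith("$") else searchfor

def misrouted(searchfor, user_names):
    """Return the names whose rewritten value does not carry exactly one '@',
    i.e. names the realm module would no longer route as intended."""
    effective = as_parsed_with_bug(searchfor)
    results = {u: rewrite_append(u, effective) for u in user_names}
    return {u: r for u, r in results.items() if r.count("@") != 1}

# Constructed sample User-Name values (not taken from any real log).
SAMPLES = ["blah", "Kent", "blah@otherrealm"]

if __name__ == "__main__":
    # Bare pattern, the ".?" workaround, and the doubled "$" workaround.
    for pattern in (SEARCHFOR, SEARCHFOR + ".?", SEARCHFOR + "$"):
        bad = misrouted(pattern, SAMPLES)
        print(pattern, "->", bad or "every name carries exactly one realm")
```

Running the same sample names through `radtest` against a debug-mode server is the way to confirm what the real module does with each form of the pattern.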