RE: General Prefix Strip

Mon, 25 Aug 2003 08:15:18 +0000 

Hi,

a long time ago i ask a question about stripping some generel prefixes of befor 
processing. Alan pointed me to the config section
meantioning prefix and sufix.

Well i found this 2.


        realm realmslash {
                format = prefix
                delimiter = "/"
        }

        realm suffix {
                format = suffix
                delimiter = "@"
        }

How can i say here wich prefix needs to be stripped ?

The Problem is we get traffic handed over by a given prefix, let asume FOO/
so users login in with FOO/[EMAIL PROTECTED] are transfered to us via L2TP.

I like to stripp (on all packets acct and auth) the FOO/ part befor any othere 
processing. If at all possible i like to still have
the change process anothere prefix as usual. So that people login in with BAR/[EMAIL 
PROTECTED] get forwared from my proxy based on
BAR/ to anothere server.

At the moment i have done it on Cistron by having a hint (FOO/) configured with 
stripping and in the source i added the hoint
processing to the acct path as well.
I plan to move to freeradius now and like to not patch the code again.


I already thought that the attribute rewriting module mid be an option too.
By configuring it in a way that all username attributes are rewriten.
Something like ...(not tested just guessing)

attr_rewrite username {
        attribute = User-Name
        searchin = packet
        searchfor = "(FOO/|ANOTHERE/|ONEMORE/)"
        replacewith = ""
        ignore_case = yes
        #       new_attribute = no
        #       max_matches = 10
        append = no
        }

Whats your opinion ?


Thanks in advance

        Holger






>-----Original Message-----
>From: [EMAIL PROTECTED]
>[m

ailto:[EMAIL PROTECTED] Behalf Of Alan DeKok
>Sent: Monday, March 10, 2003 10:25 AM
>To: [EMAIL PROTECTED]
>Subject: Re: General Prefix Strip
>
>
>"Holger Steppke" <[EMAIL PROTECTED]> wrote:
>> eg. asume people are login in with foo/[EMAIL PROTECTED] so i like to strip foo/ 
>> from all requests like they had connected
>without foo/
>> Any furter processing should then be based on [EMAIL PROTECTED] also proxying the 
>> requesed based on bar should be possible
>(with nostrip
>> so endradius will see [EMAIL PROTECTED])
>>
>> Is there a feature like this ? and if yes how to configure ?
>
>  Yes.  Look for the words "prefix" and "suffix" in radiusd.conf.
>
>  A surprising amount of information is in the configuration files.
>
>  Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to