Hello Alan,
I think I haven't explained well my problem, or I have not understand your
help, anyway thanks for all.
Let's say I have two users in MySQL database, each one I with their own IP :
[EMAIL PROTECTED] -> Framed.IP-Address 10.0.0.4
[EMAIL PROTECTED] -> Framed-IP-Address 10.11.0.4
I want to force that the whole realm adsl.realm1 must be rewritten as
adsl.realm1.com so I won't have to add the same user as [EMAIL PROTECTED]
and [EMAIL PROTECTED]
If I configure both adsl.realm1 and adsl.realm1.com with the same Autz-Type
and strip the username, I can modify sql.conf in order to append
"@adsl.realm1.com" in the SQL queries and use Stripped-User-Name as
sql_user_name with no problem and works.
The problem is that I have this problem with several realms so if I can
rewrite Realm in the freeradius configuration (not in freeradius-dialupadmin)
I would not have to do a new sql configuration for every rewrite because I
could append %{Realm} and it could be much cleaner.
Probably there is a simple way to achieve it but I'm newbie in freeradius and
I have tried Proxy-To-Realm, att_rewrite, etc. but without success.
DEFAULT Realm == "adsl.realm1", Realm := adsl.realm1.com
DEFAULT Realm == "adsl.realm1.com", Autz-Type := adsl.realm1.com
Freeradius in debug mode says:
rlm_realm: Looking up realm "adsl.realm1" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: Found realm "adsl.realm1"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm adsl.realm1
rlm_realm: Adding Realm = "adsl.realm1"
rlm_realm: Authentication realm is LOCAL.
Regards,
David
El Jueves, 17 de Marzo de 2005 18:48, Alan DeKok escribi�:
> David Manchado <[EMAIL PROTECTED]> wrote:
> > Due to limitations on freeradius-dialupadmin I have all users in the form
> > [EMAIL PROTECTED] without stripping in order to support that I can user
> > [EMAIL PROTECTED] and [EMAIL PROTECTED] with their own reply attributes.
>
> You should be able to add "realm1" as a check item. e.g. Realm ==
> "realm1".
>
> > In the users file I can use regexp so both realm.com and adsl.realm.com
> > can use the same Autz-Type definition and using stripped-username I can
> > authenticate the two realms in the same users file, but I cannot strip
> > it.
> >
> > The question is, is there any way to rewrite the realm? I have tried with
> > att_rewrite but I can't make it work.
>
> Regular expressions. In the CVS head, you can match:
>
> User-name =~ "^(.*)@.*realm.com"
>
>
> And %{1} will be the username, without the realm identifier.
>
> Alan DekOk.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
David Manchado
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
