>Currently my institution allows for registered users to create guest accounts >for visitors to enable wireless access for the guest users (Wireless access is >controlled via Captive Portal/PAP with a Kerberos Directory backend).. >Registered users create the guest accounts using the guest users eMail >address, such as [email protected] [email protected] etc etc etc. This poses a >slight problem though as the "@" sign is a reserved character for Kerberos and >thus principles with the "@" cannot be created within our KDC. To solve this >problem the account generation application substitutes the "@" for a "+" (so >kerberos principles are created in the form jdoe+gmail.com jdoe+hotmail.com). >If guest users remember to sub a "+" for their "@" all is well, however often >times people forget this and get stuck wondering why their username >[email protected] is failing when they have been assured all is well. >To completely eradicate this situation we would like to place a Freeradius >instance in place of our proprietary radius solution and have it perform the >substitution during authentication, so neither the Guest or registered user >need concern themselves with the whole "@" "+" thing (so from their standpoint >the principle is [email protected] nice and easy... for them ;) >I have been trying to determine the best way to accomplish this and would >greatly appreciate any ideas as to how this may be completed.
Use regex to rewrite usernames with @ in them. You have some examples on the wiki: http://wiki.freeradius.org/Adding%2C_Removing%2C_Modifying_Attributes_for_further_processing Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
