Hi,
You can add the below in the hints file:

DEFAULT User-Name =~ "^([...@]+)@([[:alnum:].\-_]*)$"
        Stripped-User-Name = "%{1}",
        Suffix = "%{2}"

Regards,
Sajeewa Warnakulasuriya
Systems Development Manager
On Tue, 29 Jun 2010, Rob Turner wrote:
Problem: Cannot expand %{Realm} or %{Suffix} control attributes for use unless
realm is explicitly defined in proxy.conf
I'm using freeradius2-2.1.7-7.el5 with ldap module. I would like to perform an
ldap dip to get the radiusProxyToRealm attribute for each request based on
Suffix as configured in modules/ldap:
filter = "(radiusRealm=%{Suffix})"
NOTE: If using <filter = "(radiusRealm=domain.com)"> in modules/ldap,
radiusProxyToRealm is returned successfully and things work as expected. In this case the
Proxy-To-Realm (which is mapped in ldap.attrmap) is set in ldap to proxy.com and proxy.com is
defined in proxy.conf.
Output from radiusd -X:
...
[suffix] Looking up realm "domain.com" for User-Name = "[email protected]"
[suffix] No such realm "domain.com"
++[suffix] returns noop
++[files] returns noop
[ldap] performing user authorization for [email protected]
[ldap] expand: (radiusRealm=%{Suffix}) -> (radiusRealm=)
...
After reading man unlang, I have also attempted (without success) to expand
using the following in ldap filter:
%{control:Realm}
%{control:Suffix}
%{suffix:User-Name}
%{realm:User-Name}
Finally, after revisiting man rlm_realm, I read the following which is of
concern as I don't see any other way to utilize the radiusProxyToRealm
attribute in ldap:
"In either case, a Realm attribute is created and added to the packet on a match,
which can be used by other modules."
Is there currently any way to always match (regardless if the realm is defined
in proxy.conf) in order to create a Stripped-User-Name and Realm run-time
variable with every request?
Regards,
Rob
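
The split suggested in the reply, and the filter value it feeds, modelled in Python as an added example that is not part of either message or of FreeRADIUS itself. Assumptions: the local part is any run of non-"@" characters, the realm class is the ASCII equivalent of [[:alnum:].\-_], and the function names and sample User-Names are constructed for illustration.

```python
import re

# Assumption: local part = one or more non-"@" characters. The realm class is
# an ASCII stand-in for the hint's [[:alnum:].\-_]* (Python has no POSIX classes).
USER_RE = re.compile(r"([^@]+)@([A-Za-z0-9.\-_]*)")

# RFC 4515: characters that must be escaped inside a filter assertion value.
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def split_user_name(user_name):
    """Return (Stripped-User-Name, Suffix), or (None, None) if the hint does not match."""
    # fullmatch() anchors both ends; unlike "$", it rejects a trailing newline.
    m = USER_RE.fullmatch(user_name)
    if m is None:
        return None, None
    return m.group(1), m.group(2)


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def realm_filter(user_name):
    """Build the (radiusRealm=...) filter, or None when no usable Suffix exists."""
    _, suffix = split_user_name(user_name)
    if not suffix:
        # Unset or empty Suffix would expand to "(radiusRealm=)", as in the debug log.
        return None
    # The realm class already excludes filter metacharacters; escaping is a second layer.
    return "(radiusRealm=%s)" % ldap_escape(suffix)


if __name__ == "__main__":
    # Constructed sample User-Names, not taken from the thread.
    for name in ["alice@domain.com", "alice", "bob@", "a@b@c.com",
                 "alice@domain.com)(uid=*"]:
        print(repr(name), split_user_name(name), realm_filter(name))
```

Because the realm group only admits letters, digits, ".", "-" and "_", a User-Name that tries to carry filter syntax in its realm part fails the match and never sets Suffix.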