Matthew P wrote:
> Although, now a new problem arose - I can't seem to get the (stripped)
> username in the inner-tunnel with preprocess.
> So the username stays in the form - "u...@mydomain.com", but that isn't
> usable for an LDAP search (on the AD).

So... decode the user-name using a regex. You can then use that in the LDAP configuration. The LDAP user search is configurable for a *reason*.

> Because there are realms involved in the scenario.
> If the realm is "mydomain.com" then radius needs to look up a user in AD.
> If the realm is "mydomain2.com" then it needs to consult sql.
> Otherwise it should proxy the request to a home server.
>
> What would be a proper way to do this? I thought setting up a virtual server
> for every scenario is the way to go?

It's an option, but not the only way to do it.

    # mydomain.com users: look up in AD via the ldap module
    if (User-Name =~ /@mydomain.com/) {
        ldap
    }
    # mydomain2.com users: consult sql
    elsif (User-Name =~ /@mydomain2.com/) {
        sql
    }
    # everything else: proxy to the home server for realm "other"
    else {
        update control {
            Proxy-To-Realm := "other"
        }
    }

Alan DeKok.
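
The following is an added example, not part of the reply above and not taken from the FreeRADIUS distribution: one way to "decode the user-name using a regex" and then use the result in the LDAP search. The anchored and dot-escaped patterns, the use of Stripped-User-Name, and the sAMAccountName search attribute are assumptions; the realm names and the "other" proxy realm come from the thread.

```unlang
# --- authorize section of the virtual server (e.g. inner-tunnel) ---
# Anchored, dot-escaped patterns: an unanchored /@mydomain.com/ would also
# match "user@mydomain.com.example.net" or "user@mydomainXcom", so a name
# from a foreign realm could be sent to the AD lookup.
if (User-Name =~ /^([^@]+)@mydomain\.com$/i) {
    # %{1} is the first capture group (the part before the @).
    # Save it right away; the next regex match overwrites it.
    update request {
        Stripped-User-Name := "%{1}"
    }
    ldap
}
elsif (User-Name =~ /@mydomain2\.com$/i) {
    sql
}
else {
    update control {
        Proxy-To-Realm := "other"
    }
}

# --- ldap module configuration (fragment) ---
# Search on the bare account name, falling back to the full User-Name
# when nothing was stripped. sAMAccountName is an assumption about the
# directory schema (it is the AD logon-name attribute).
ldap {
    # ... existing server, identity, password and basedn settings ...
    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
}
```

Where the `filter` line sits inside the ldap module file depends on the FreeRADIUS version in use; running the server with `radiusd -X` shows the expanded filter for each request, which confirms whether the stripped name reached the search.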