Matthew P wrote:
> Although, now a new problem arose - I can't seem to get the (stripped)
> username in the inner-tunnel with preprocess.
> So the username stays in the form - "[email protected]", but that isn't
> usable for an LDAP search (on the AD).
So... decode the user-name using a regex. You can then use that in
the LDAP configuration. The LDAP user search is configurable for a
*reason*.
> Because there are realms involved in the scenario.
> If the realm is "mydomain.com" then radius needs to lookup a user in AD.
> If the realm is "mydomain2.com" then it needs to consult sql.
> Otherwise it should proxy the request to a home server.
>
> What would be a proper way to do this? I thought setting up a virtual server
> for every scenario is the way to go?
It's an option, but not the only way to do it.
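  # Escape the dots and anchor with $ so only the exact realm matches.
  if (User-Name =~ /@mydomain\.com$/) {
    ldap
  }
  elsif (User-Name =~ /@mydomain2\.com$/) {
    sql
  }
  else {
    # Any other realm: hand the request to the proxy realm "other".
    update control {
      Proxy-To-Realm := "other"
    }
  }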
Alan DeKok.
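
One way to do the regex decode suggested in the reply and feed the result to the LDAP user search, as an added example (not Alan's or the FreeRADIUS project's own configuration). It assumes the 2.x-style ldap module with a top-level `filter` setting (in 3.x the same setting lives inside the `user { }` block) and that AD accounts are looked up by `sAMAccountName`.

```unlang
# Added example. Goes in the authorize section of the inner-tunnel
# virtual server, before the ldap/sql calls.
authorize {
    # Split "user@realm" exactly once. [^@]+ on both sides rejects empty
    # parts and a second "@", so odd input is never passed on as a
    # half-stripped name. %{1} is the first capture group.
    if (User-Name =~ /^([^@]+)@([^@]+)$/) {
        update request {
            Stripped-User-Name := "%{1}"
        }
    }

    # Realm routing as in the reply above (ldap / sql / proxy).
}

# In the ldap module configuration. Assumption: AD lookup by
# sAMAccountName. Falls back to the full User-Name when nothing
# was stripped.
ldap {
    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
}
```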