Thanks for your help Alan, it really makes a difference when learning about Freeradius configuration.
> So... decode the user-name using a regex. You can then use that in > the LDAP configuration. The LDAP user search is configurable for a > *reason*. I forgot to mention that I need the "user" portion of "[email protected]" for sql too. "[email protected]" only needs to be sent to the home server (in case the user doesn't have "@mydomain.com" or "@mydomain2.com"). In another words, both AD and DB contain usernames, without any realms. I've been reading http://freeradius.org/radiusd/man/unlang.html, and can't seem to figure out how to make the logic - "take everything before @ as a username". So please help. In a general regexp language, I guess that could be done with ([\w.-]+)(?...@.*). > It's an option, but not the only way to do it. > > if (User-Name =~ /@mydomain.com/) { > ldap > } > elsif (User-Name =~ /@mydomain2.com/) { > sql > } > else { > update control { > Proxy-To-Realm := "other" > } > } Works nicely, thanks for this hint. Matthew _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
