On Sat, Mar 26, 2011 at 5:00 AM, Fajar A. Nugraha <[email protected]> wrote:
> On Sat, Mar 26, 2011 at 4:45 AM, Robert Roll <[email protected]> wrote:
>> A normal authorize might look like:
>>
>>
>> ldapAuthUser
>>
>> if( %Realm ) {
>> ldapAuthVLAN
>> }
>>
>> If one is smart about naming the Group in ldap the same as the Realm,
>> then one can quite easily construct a search filter in the ldap module to
>> look at the appropriate group in ldap. That group would actually have the
>> particular radiusReplyItem to return the correct VLAN...
>>
>> Note that in the above the Realm is quite useful, but there is NO need to
>> actually do proxy, so really no "REAL" need to get into the proxy.conf ?
>
> If you just want to split username@realm into username and realm, you
> should be able to use this in authorize section
>
> if ("%{request:User-Name}" =~ /^(.*)@/) {
Sorry, that should be
if ("%{request:User-Name}" =~ /^(.*)@(.*)/) {
> update request {
> Stripped-User-Name := "%{1}"
> Realm := "%{2}"
> }
> }
>
> As a side note, even if you only use freeradius locally (without any
> external server to proxy to), using proxy can be useful if you have
> multiple realms with different configurations. Using proxy you can
> split the request into different virtual servers based on their realm.
>
> --
> Fajar
>
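The corrected split from this thread, combined with the realm-named LDAP group lookup described in the quoted message, as an added Python example (not code from the original posts or from FreeRADIUS). It shows how the greedy pattern treats a User-Name with more than one "@", and validates and escapes the realm before it goes into a search filter. The function names, the `groupOfNames`/`cn` filter layout and the DNS-style realm rule are assumptions made for illustration.

```python
import re

# The corrected pattern from the thread. Both groups are greedy, so the
# first group runs up to the LAST "@" in the User-Name.
USER_REALM = re.compile(r"^(.*)@(.*)")

# Assumption: realms are DNS-style names; anything else is rejected.
REALM_OK = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?")


def split_user_name(user_name):
    """Return (stripped_user_name, realm); realm is None when there is no '@'."""
    m = USER_REALM.match(user_name)
    if m is None:
        return user_name, None
    return m.group(1), m.group(2)


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def group_filter(user_name):
    """Build a filter for the LDAP group named after the realm, or None.

    Assumption: groups are groupOfNames entries whose cn equals the realm.
    """
    _, realm = split_user_name(user_name)
    if not realm or not REALM_OK.fullmatch(realm):
        return None  # no realm, empty realm, or a realm that is not a plain name
    return "(&(objectClass=groupOfNames)(cn=%s))" % ldap_escape(realm)


if __name__ == "__main__":
    # Constructed sample User-Name values.
    for name in ["alice@example.org", "bob", "a@b@example.org", "eve@*)(cn=*"]:
        print(repr(name), split_user_name(name), group_filter(name))
```
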