So, according to the docs in proxy.conf and Arran's comment here, the regex
stuff should work fineā¦but in 2.1.11, we're not seeing that behavior. Right
now, requests are only getting proxied properly if it's an exact match on the
realm name ( realm "hokies" { or realm "w2k.vt.edu" { ), whereas the regex
realm syntax doesn't seem to be working at all ( realm "~hokies" { or realm
"~.*w2k\\.vt\\.edu" { aren't matched).
The first example isn't a huge loss, but not being able to use regex match on
suffix domains is a real problem. Regex matching seemed to work in 2.1.9,
2.1.10, and earlier candidates for 2.1.11, so I'm not coming up with a good
answer as to why this shouldn't be working now. I can confirm that the
Proxy-To-Realm attribute is being correctly set in the control list within the
authorize stanza. Am I misinterpreting the instructions, or is this unintended
behavior?
Thanks much,
Jacob M. Dawson
On 25 Jul 2011, at 16:37, Arran Cudbard-Bell wrote:
> Sorry only first one is fictitious, second one should work fine :)
>
> -Arran
>
>
> On 25 Jul 2011, at 22:33, Arran Cudbard-Bell wrote:
>
>> Impressive, you've both made up entirely fictitious syntaxes for doing
>> proxying... Um anyway.
>>
>>
>> if(User-Name =~ /REGEX/){
>> update control {
>> Proxy-To-Realm := 'my_proxy_realm'
>> }
>> }
>>
>> Then configure the realm in proxy.conf. Subcapture groups can provide you
>> with parts of the User-Name string and can be accessed using the %{0}, %{1},
>> %{2}... etc variables
>>
>> You don't need to do anything if you're just doing local authentication....
>>
>>
>> -Arran
>>
>> On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote:
>>
>>> We did this through our realms see code:
>>>
>>> In your proxy.conf
>>>
>>> realm "~.*umhb\\.edu$" {
>>> #### some code here###
>>> ###usually the virtual server you want to proxy them to###
>>> }
>>>
>>> If I am understanding your question right that should do it, but others may
>>> have a better way .. or I could be on crack ...
>>>
>>>
>>> -----Original Message-----
>>> From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org
>>> [mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org]
>>> On Behalf Of Charles Plater
>>> Sent: Monday, July 25, 2011 3:05 PM
>>> To: [email protected]
>>> Subject: Proxying based on a regex
>>>
>>> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the
>>> format of the ID. I have a working regex that determines the domain to
>>> which the request should be sent, but I'm having a hard time figuring out
>>> the syntax of the proxy statement. Here's what I've tried:
>>>
>>> if (User-Name !~ <REGEX>) {
>>> proxy: domain.name
>>> else {
>>> proxy: LOCAL
>>> }
>>> }
>>>
>>> FWIW, I can successfully authenticate do the "domain.name" realm by using
>>> [email protected].
>>>
>>> Can anyone offer any suggestions? Thanks in advance.
>>> --
>>> Charles Plater
>>> Lead Application Technical Analyst
>>> Internet Services
>>> +1-313-577-4620
>>> [email protected]
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>> Arran Cudbard-Bell
>> [email protected]
>>
>> RADIUS - Half the complexity of Diameter
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> Arran Cudbard-Bell
> [email protected]
>
> RADIUS - Half the complexity of Diameter
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
