On 01/25/2012 07:21 PM, NdK wrote:
That's not doable. If mail is in unibo.it, domain is not unibo.it but
PERSONALE. Same if mail is in esterni.unibo.it . But for studio.unibo.it
domain is STUDENTI.
Ok, so you've got >1 AD domain. Not terribly common, but it ought to
work with mapping as per the 2nd solution.
If you can't ignore the realm, you can do something like:
modules/mschap:
...
ntlm_auth = ".. \
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name}} \
--nt-domain=%{%{Realm}:-DEFAULT}"
More something like %{%{mschap:Domain}:-%{Realm}:-PERSONALE} ...
[...]
So I *can* insert unlang code there! Perfect!
No. This is not "unlang". It's just a string expansion.
Unlang is a processing "language" that is only valid inside the virtual
server "authorize", "post-auth", etc. sections. It's not valid in module
configs.
String expansions (which are valid in unlang) are valid most (not all)
places.
So:
1. Use "unlang" in authorize to set a string variable (e.g. Realm)
2. Use string expansions in the "ntlm_auth" config of the "mschap"
module to access the string variable.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
