Hello,

Using Freeradius 2.1.10 I have been trying to see if I can proxy a request to a remote server but using a different User-Name attribute based on the original request User-Name attribute.

For example so that:

Request '[email protected]' gets proxied to remote server with User-Name="[email protected]" in the proxy request.

Request '[email protected]' gets proxied to the same remote server but uses the User-Name="jbloggs" attribute (so no realm) in the proxy request.

So basically if a username contains a dot, then proxy on the whole thing (username and realm). But if the username does not contain a dot, then only proxy on the username, no realm.

I have been trying in the authorize section to use:

=========================
if (Realm !~ /^(NULL|DEFAULT|LOCAL)$/) {
    if (User-Name =~ /^([^.]+)@/) {
        update control {
            Proxy-To-Realm := NULL
        }
    }
}
=========================

The NULL realm will 'strip' the username, and proxy the request to the remote server. However, testing shows that the User-Name being sent is the original one still with the realm:

=========================
Tue Mar 26 12:31:07 2013 : Debug: ++? if (Realm !~ /^(NULL|DEFAULT|LOCAL)$/)
Tue Mar 26 12:31:07 2013 : Debug: ? Evaluating (Realm !~ /^(NULL|DEFAULT|LOCAL)$/) -> TRUE
Tue Mar 26 12:31:07 2013 : Debug: ++? if (Realm !~ /^(NULL|DEFAULT|LOCAL)$/) -> TRUE
Tue Mar 26 12:31:07 2013 : Debug: ++- entering if (Realm !~ /^(NULL|DEFAULT|LOCAL)$/) {...}
Tue Mar 26 12:31:07 2013 : Debug: +++? if (User-Name =~ /^([^.]+)@/)
Tue Mar 26 12:31:07 2013 : Debug: ? Evaluating (User-Name =~ /^([^.]+)@/) -> TRUE
Tue Mar 26 12:31:07 2013 : Debug: +++? if (User-Name =~ /^([^.]+)@/) -> TRUE
Tue Mar 26 12:31:07 2013 : Debug: +++- entering if (User-Name =~ /^([^.]+)@/) {...}
Tue Mar 26 12:31:07 2013 : Debug: ++++[control] returns updated
Tue Mar 26 12:31:07 2013 : Debug: +++- if (User-Name =~ /^([^.]+)@/) returns updated
Tue Mar 26 12:31:07 2013 : Debug: ++- if (Realm !~ /^(NULL|DEFAULT|LOCAL)$/) returns updated
Tue Mar 26 12:31:07 2013 : Debug: ++[local_mschap] returns noop
Tue Mar 26 12:31:07 2013 : Debug: [eap] Request is supposed to be proxied to Realm NULL. Not doing EAP.
Tue Mar 26 12:31:07 2013 : Debug: ++[eap] returns noop
Tue Mar 26 12:31:07 2013 : Debug: ++[files] returns noop
Tue Mar 26 12:31:07 2013 : Debug: ++[expiration] returns noop
Tue Mar 26 12:31:07 2013 : Debug: ++[logintime] returns noop
Tue Mar 26 12:31:07 2013 : Debug: ++[pap] returns noop
...
Tue Mar 26 12:31:07 2013 : Debug: Sending Access-Request packet to host 141.163.1.180 port 1812, id=140, length=191
Tue Mar 26 12:31:07 2013 : Debug: User-Name = "[email protected]"
Tue Mar 26 12:31:07 2013 : Debug: NAS-IP-Address = 127.0.0.1
Tue Mar 26 12:31:07 2013 : Debug: Calling-Station-Id = "02-00-00-00-00-01"
Tue Mar 26 12:31:07 2013 : Debug: Framed-MTU = 1400
Tue Mar 26 12:31:07 2013 : Debug: NAS-Port-Type = Wireless-802.11
Tue Mar 26 12:31:07 2013 : Debug: Connect-Info = "CONNECT 11Mbps 802.11b"
Tue Mar 26 12:31:07 2013 : Debug: EAP-Message = 0x020c00261900170301001b3fb7e62a2e47d33ede49271ebc0c70dc92c4a82ac889c9b1867ddc
Tue Mar 26 12:31:07 2013 : Debug: State = 0x28af050f0000013700018da3c9b4000000035b2fcad100
Tue Mar 26 12:31:07 2013 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Tue Mar 26 12:31:07 2013 : Debug: Realm = "plymouth.ac.uk"
Tue Mar 26 12:31:07 2013 : Debug: EAP-Type = PEAP
Tue Mar 26 12:31:07 2013 : Debug: Proxy-State = 0x3132
=========================

As the output shows 'Request is supposed to be proxied to Realm NULL', so the authorize bit seems to be working, but the realm is not being stripped from the username. The proxy.conf file simply has:

=========================
realm NULL {
    auth_pool = local_proxies
}
=========================

So the realm should be stripped from the username.

Anyone any ideas about this?

Thanks,

John.

--
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001
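A way to check this symptom automatically from the debug log, as an added example that is not part of the original post: the script pairs each "Request is supposed to be proxied to Realm ..." line with the User-Name in the Access-Request sent next, and reports requests routed to a stripping realm that still carry "@realm". The sample log is constructed in the format shown above; the usernames, the host 192.0.2.10 and the function names are assumptions.

```python
import re

# Constructed sample in the debug-log format shown in the post (made-up users and host).
SAMPLE_LOG = """\
Tue Mar 26 12:31:07 2013 : Debug: [eap] Request is supposed to be proxied to Realm NULL. Not doing EAP.
Tue Mar 26 12:31:07 2013 : Debug: Sending Access-Request packet to host 192.0.2.10 port 1812, id=140, length=191
Tue Mar 26 12:31:07 2013 : Debug: User-Name = "jbloggs@example.org"
Tue Mar 26 12:31:07 2013 : Debug: NAS-IP-Address = 127.0.0.1
Tue Mar 26 12:31:08 2013 : Debug: [eap] Request is supposed to be proxied to Realm NULL. Not doing EAP.
Tue Mar 26 12:31:08 2013 : Debug: Sending Access-Request packet to host 192.0.2.10 port 1812, id=141, length=180
Tue Mar 26 12:31:08 2013 : Debug: User-Name = "jbloggs"
"""

# Greedy \S+ plus a trailing "." keeps dotted realm names such as "example.org" intact.
PROXY_TO = re.compile(r"proxied to Realm (\S+)\.(?:\s|$)")
SENDING = re.compile(r"Sending Access-Request packet to host (\S+) port \d+, id=(\d+)")
# The lookbehind stops "Stripped-User-Name = ..." from being read as User-Name.
USER_NAME = re.compile(r'(?<![-\w])User-Name = "([^"]*)"')


def proxied_user_names(log_text):
    """Return one dict per proxied Access-Request: realm chosen, host, id, User-Name sent."""
    results, realm, current = [], None, None
    for line in log_text.splitlines():
        if m := PROXY_TO.search(line):
            realm = m.group(1)
        elif m := SENDING.search(line):
            current = {"realm": realm, "host": m.group(1),
                       "id": int(m.group(2)), "user_name": None}
            results.append(current)
            realm = None  # a proxy decision applies only to the next packet sent
        elif current is not None and current["user_name"] is None:
            if m := USER_NAME.search(line):
                current["user_name"] = m.group(1)
    return results


def unstripped(results, strip_realms=("NULL",)):
    """Requests sent via a realm expected to strip whose User-Name still has '@realm'."""
    return [r for r in results
            if r["realm"] in strip_realms and r["user_name"] and "@" in r["user_name"]]


if __name__ == "__main__":
    for r in unstripped(proxied_user_names(SAMPLE_LOG)):
        print(f"id={r['id']} to {r['host']}: realm {r['realm']} but User-Name={r['user_name']!r}")
```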

