On Tue, 31 Oct 2006, Sergey Poznyakoff wrote:
Charles Sprickman <[EMAIL PROTECTED]> wrote:
We also have domain accounts where the user's actual username is
"[EMAIL PROTECTED]". We instruct those users to use
"[EMAIL PROTECTED]" when dialing in.
As a side note: they could have safely used another '@', as the proxying
protocol allows for stacking the user domains
(e.g. [EMAIL PROTECTED]@bway.net).
The "@bway.net" is stripped by our dial provider and we see the user as
"username%domain.com".
From what I see in your previous posting, they seem to fail to do so:
Oct 25 15:53:10 elephant radiusd: Auth.debug:
mysql.c:216:rad_mysql_exec: query:
SELECT attr,value FROM radius_attrib WHERE username='[EMAIL PROTECTED]' AND
op IS NULL AND domain='[EMAIL PROTECTED]'
The test user logs in using "[EMAIL PROTECTED]"... I'm so lost
with this since I haven't touched it for years (literally).
So, your server received the name as "[EMAIL PROTECTED]" anyway.
Does that pretty much make sense? It's kind of a strange setup...
If I get it right, the domain_split function should return the part
between '%' and '@', if there is a percent sign, the part after '@',
if there's none, and "bway.net" otherwise. Does that make sense? If
so, the following function will do it:
And that seems to be very close to doing what I want... :)
string
domain_split(string name)
{
    integer a;
    string localpart;
    string domainpart;

    domainpart = "bway.net"; /* provide the default value */
    if (name =~ "\(.*\)@\(.*\)") {
        localpart = \1;
        domainpart = \2;
    } else {
        localpart = name;
    }
    if (localpart =~ "\(.*\)%\(.*\)")
        domainpart = \2;
    return domainpart;
}
This gets me what I want in the domain part of the query, but the username
still comes up as "foo%foo.com".
I thought the following might fix it up.
I made another rewrite rule named "login_pct" that will return everything
to the left of the "%" in a username:
string
login_pct(string name)
{
    integer i;

    if ((i = index(name, '\%')) != -1)
        return substr(name, 0, i);
    return name;
}
But I'm not sure how to get it going. I tried the following in the hints
file:
DEFAULT NULL User-Name = "=login_pct(%[User-Name])"
DEFAULT NULL Auth-Dom = "=domain_split(%[User-Name])"
But that seems to screw everything up...
Nov 1 18:23:20 elephant radiusd: Auth.debug: mysql.c:57:do_mysql_query:
called with SELECT attr,value FROM radius_attrib WHERE
username='test%maniform.com' AND op IS NULL AND domain=''
BTW, that test shell is pretty neat, I had no idea that even existed!
Thanks,
Charles
Here's its output in the test run:
** TEST SHELL **
(radiusd) source /home/gray/1.rw
0
(radiusd) r domain_split("username%domain.com")
domain.com
(radiusd) r domain_split("[EMAIL PROTECTED]")
domain.com
(radiusd) r domain_split("[EMAIL PROTECTED]")
domain.com
(radiusd) r domain_split("username")
bway.net
(radiusd)
I'd like to get it set up with FreeBSD 4.11 and 6.2, would that be helpful?
Sure, that would be great.
Regards,
Sergey
_______________________________________________
Help-gnu-radius mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnu-radius
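
Added example, not part of the original messages and not GNU Radius code: a Python sketch of the split the thread is after, returning both the bare user name and the domain, and binding them as parameters in the radius_attrib lookup seen in the logs. The function names, the SQLite column types and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

DEFAULT_REALM = "bway.net"  # default value used by domain_split in the thread


def split_login(name, default_realm=DEFAULT_REALM):
    """Return (user, domain) for 'user', 'user@dom', 'user%dom' or 'user%dom@realm'."""
    # The thread's greedy regex splits at the last '@'; rpartition does the same.
    local, at, realm = name.rpartition("@")
    if not at:
        local, realm = name, default_realm
    # A '%' inside the local part overrides whatever followed the '@'.
    user, pct, inner = local.rpartition("%")
    if not pct:
        user, inner = local, realm
    if not user or not inner:
        raise ValueError("empty user or domain in %r" % name)
    return user, inner


def lookup_attrs(db, login):
    """Run the logged query with user and domain bound as parameters."""
    user, domain = split_login(login)
    cur = db.execute(
        "SELECT attr, value FROM radius_attrib "
        "WHERE username = ? AND op IS NULL AND domain = ?",
        (user, domain),
    )
    return cur.fetchall()


def demo_db():
    """In-memory table with constructed rows; column types are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radius_attrib "
               "(username TEXT, domain TEXT, op TEXT, attr TEXT, value TEXT)")
    db.executemany("INSERT INTO radius_attrib VALUES (?,?,?,?,?)", [
        ("test", "maniform.com", None, "Service-Type", "Framed-User"),
        ("test", "bway.net", None, "Service-Type", "Login-User"),
    ])
    return db


if __name__ == "__main__":
    for login in ("test%maniform.com@bway.net", "test%maniform.com", "test"):
        print(login, split_login(login), lookup_attrs(demo_db(), login))
```

Names with an empty user or domain part are rejected instead of being passed to the lookup with an empty string, which is the state the second log excerpt shows (domain='').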