Re: choose proxy based on AD

2010-09-30 Thread Alan DeKok
David McPike wrote: Excellent! Thanks, Alan. I have all my test cases working now except for one. I still need to retain the original realm information in the supplied User-Name. The old radius server needs it as part of the username to know which child domain controller to contact for

Re: choose proxy based on AD

2010-09-30 Thread David McPike
In other words, if I proxy to the old radius server, the username needs to be realm\user again.  Set nostrip in the realm configuration. I finally have a solution. I wanted to keep strip enabled because I have to perform the LDAP query on the stripped username. So, I added the following

choose proxy based on AD

2010-09-29 Thread David McPike
Hello All, We are in the process of migrating users from one AD tree to another. The migrated accounts will exist in both AD directories for a while (usernames will not change) and I need to be able to choose a radius server based on an LDAP group membership.  I have this working fine for cases

Re: choose proxy based on AD

2010-09-29 Thread Alan Buxey
Hi, if (User-Name =~ /^[A-z]+\\(.*)/) { not sure of that syntax for regex - char matching is a little more fussy, try this if (User-Name =~ /^[a-z]+\\(.*)/i) { alan

Re: choose proxy based on AD

2010-09-29 Thread David McPike
Thanks for the suggestion, Alan. I have the regex matching successfully now. However, I am unclear about how to resolve the next issue. I have the following configuration in authorize: if (User-Name =~ /(^[a-z]+)(+)([a-z0-9]+$)/i) { update request {

Re: choose proxy based on AD

2010-09-29 Thread Alan DeKok
David McPike wrote: The problem is that if the user has not been migrated to the new domain I need to retain the supplied realm information and proxy realm\user to the old radius server. What else can I do to accomplish this? update control { Proxy-To-Realm := foo } That is

Re: choose proxy based on AD

2010-09-29 Thread David McPike
Excellent! Thanks, Alan. I have all my test cases working now except for one. I still need to retain the original realm information in the supplied User-Name. The old radius server needs it as part of the username to know which child domain controller to contact for authentication, otherwise