Thanks for the ideas, I'll give them a try. -Dustin Doris
On Mon, 17 Mar 2003, Christophe Boyanique wrote:

> On Thu, Mar 13, 2003 at 11:54:22AM -0500, freeradius mailing list wrote:
>
> > Now, what I want to do is make it change the realm that is added based on
> > an attribute that comes in. So maybe something like.
>
> I have a solution but it is not very clean and I only tested it with
> freeradius 0.8.1 so I'm looking forward to hearing about other solutions.
>
> 1st the users file:
>
> ----- cut -----
> DEFAULT Called-Station-Id == 1005, Proxy-To-Realm := plop
>         Realm = plop,
>         Fall-Through = Yes
>
> DEFAULT Called-Station-Id == 1006, Proxy-To-Realm := plop
>         Realm = plop,
>         Fall-Through = Yes
>
> DEFAULT NAS-IP-Address == 192.168.100.153
>         Cisco-AVPair = Framed-Pool,
>         Fall-Through = Yes
> ----- cut -----
>
> Please note that Realm will not be fixed in the proxified packet there,
> it is only useful for internal use (see below).
>
>
>
> Then the acct_users file: (pretty much the same)
>
> ----- cut -----
> DEFAULT Called-Station-Id == 1005, Proxy-To-Realm := plop
>         Realm = plop,
>         Fall-Through = Yes
>
> DEFAULT Called-Station-Id == 1006, Proxy-To-Realm := plop
>         Realm = plop,
>         Fall-Through = Yes
> ----- cut -----
>
>
>
> And the radiusd.conf file:
>
> ----- cut -----
> ... snipped ...
> modules {
>
>         attr_rewrite force_username {
>                 attribute = User-Name
>                 searchin = packet
>                 searchfor = NULL
>                 replacewith = "[EMAIL PROTECTED]:Realm}"
>                 append = no
>                 new_attribute = no
>                 max_matches = 1
>         }
>
>         attr_rewrite tweak_cisco {
>                 attribute = Cisco-AVPair
>                 searchin = reply
>                 searchfor = "Framed-Pool"
>                 replacewith = "ip:addr-pool=%{reply:Framed-Pool}"
>                 append = no
>                 new_attribute = no
>                 max_matches = 1
>         }
> ... snipped ...
> }
>
>
> instantiate {
> }
>
> pre_proxy {
> }
>
> post_proxy {
> }
>
> authorize {
>         suffix
>         files
>         force_username
>         tweak_cisco
> }
> authenticate {
> }
>
> preacct {
>         suffix
>         files
>         force_username
> }
>
> accounting {
> }
> ----- cut -----
>
>
> With this configuration here is what happens:
>
> - requests coming from Called Number 1005 or 1006 are proxified to the
>   realm plop
>
> - requests coming from the NAS 192.168.100.153 obtain a new attribute
>   Cisco-AVPair
>
> - before sending the request to the proxy, User-Name is set to
>   [EMAIL PROTECTED] if it was NULL (empty)
>
> - when replies are back, if an attribute Cisco-AVPair exists and
>   contains Framed-Pool it is replaced with a weird VSA attribute
>   invented by Cisco (because AS5300 doesn't handle Framed-Pool).
>
> Now, please, don't ask me:
> - why the force_username occurs before proxifying and the tweak_cisco
>   after proxifying;
> - if it will work with CVS or a new version of freeradius;
> Because I don't have any idea...
>
> And if someone has comments or ideas about improving this, please feel
> free to share ;)
>
> --
> Christophe.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html