I am currently knee deep in an Active Directory domain collapse and need to figure out how to get FreeRADIUS to authenticate users as they are moved between domains. During the AD migration process users accounts are disabled in the source domain(where FreeRADIUS currently points) and enabled in the target domain. What I need to do is figure out a way to determine if a user has been moved and if they have, proxy the requests to the new domain.
I see two possible ways to do this -
1 - If the user is in AD group "X" proxy the request
2 - If the username has string "m_", then remove the "m_" string and proxy the request
My questions are these: which is the easiest to implement and how do I implement each?
I have looked at rlm_attr_rewrite a bit and think this may be the module for the second situation. I have googled and searched the lists, unable to find anything of much help.
CONFIDENTIALITY NOTICE: This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of this message in whole or in part is strictly prohibited. Please inform the sender immediately and destroy the original transmittal. Thank you for your cooperation.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html