Lai Fu Keung wrote:
> Normally, I proxy a PEAP request whenever the realm is unknown to us
> (i.e. using the DEFAULT realm without stripping user name). However, for
> some SSIDs, I want requests to be handled locally with ldap, independent
> of what the realm is (and with the user name stripped). What I did is to
> find those SSIDs in "Called-Station-ID" and
> set proxy-to-realm to a local realm.

OK...

> But the problem (I guess) is that when freeradius processes the realm
> file, the user name is not stripped. When later on processed by the
> local realm, the request fails because the user name still contains the
> domain.

The problem is that the realms file *isn't* being processed. That's why the user names aren't stripped.

You can always put the check for SSID *after* the check for the realms. In that case, the usernames will be stripped, and the SSID check can cancel any proxying, just like you do now.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog