Hello All, We are in the process of migrating users from one AD tree to another. The migrated accounts will exist in both AD directories for a while (usernames will not change) and I need to be able to choose a radius server based on an LDAP group membership. I have this working fine for cases where users do not supply a realm but I am not sure of the best way to do this for users that do supply an ntdomain-style realm. In the new domain, no one requires a realm (need to strip if the user has already been migrated), while the old domain has several child domains. I am using FR 2.1.10.
I was not successful trying to change the proxy server after one had already been chosen. I tried to remove the Realm attribute in the authorize section but the request still went to the initially chosen radius pool. I tried stripping the realm manually prior to realm processing in authorize {} but have not been successful yet. I am using a simple regex like this: if (User-Name =~ /^[A-z]+\\(.*)/) { update request { Stripped-User-Name := "%{1}" } } This always fails for 'radtest realm\\user'. Am I missing something or is there a more elegant way to accomplish this? Thanks very much, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html