> > # BOL, "host", a slash, one or more non-dot characters, a dot, > > # one or more non-whitespace chars, EOL. > > if ( User-Name =~ /^host\/([^\.])+\.(\S+)$/i ) { > switch "%{2}" { > case 'my-domain-string-1' { > update control { > Proxy-To-Realm := 'my-domain-1' > } > } > case 'my-domain-string-2' { > update control { > Proxy-To-Realm := 'my-domain-1' > } > } > case 'my-domain-string-3' { > update control { > Proxy-To-Realm := 'my-domain-2' > } > } > case { > # Domain not recognised > } > } > > }
I took this code and modified it, assuming that if the code I wrote before (which tries to use "COL.MISSOURI.EDU" as the realm) doesn't work, I can use the code above to take FOO.MISSOURI.EDU and proxy to the NT domain FOO-USERS, which is more than just massaging the User-Name field. The switch statement will be necessary to translate the AD domain into the correct NT domain. "radiusd -XC" likes it. Hopefully, I'll be able to tell if one or both of these schemes works fairly early tomorrow. Thanks! --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html