> Uh.. if you don't read the documentation and don't understand what> > you're doing, it probably won't do what you want.
Sometimes true, sometimes not :) > Rather than randomly making changes, perhaps you could explain what > you're trying to do, and why. Right now, I'm just experimenting and trying to learn how things work... In any case, to give you an idea of one of the things I was thinking about... One idea, is that we have a number of departments that want to be put into a particular VLAN when they login. When a user normally logs in, they simply use their username. This simply puts them in the general user VLAN. However, if they login with username@department, and they are authorized, we will return the particular radius attribute to put them into their specific department VLAN. A normal authorize might look like: ldapAuthUser if( %Realm ) { ldapAuthVLAN } If one is smart about naming the Group in ldap the same as the Realm, then one can quite easily construct a search filter in the ldap module to look at the appropriate group in ldap. That group would actually have the particular radiusReplyItem to return the correct VLAN... Note that in the above the Realm is quite useful, but there is NO need to actually do proxy, so really no "REAL" need to get into the proxy.conf ? Thanks, Robert ________________________________________ From: freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org [freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org] On Behalf Of Alan DeKok [al...@deployingradius.com] Sent: Friday, March 25, 2011 1:09 PM To: FreeRadius users mailing list Subject: Re: Strip off the domain part from the User-Name Robert Roll wrote: > We're currently running 2.1.10.. > > I seemed to notice that the "Out of the Box Config" does not seem to > actually create > a Stripped-Username and Realm. It creates those attributes if you define a realm. If you don't define a realm, it doesn't know how to create a "Realm" attribute. > I did find that when I created a "real" realm in the proxy.conf > file, then a Stripped-Username and Realm were available. Yes... > So, I thought that if I really wanted > ALL usernames "stripped" into their component parts, I would just change the > example.com realm > in the proxy.conf file to be "DEFAULT" ? This then seemed to send the > request into some sort of > endless loop ? Uh.. if you don't read the documentation and don't understand what you're doing, it probably won't do what you want. Rather than randomly making changes, perhaps you could explain what you're trying to do, and why. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html