Re: rewriting the User-Name attr
On Fri, 5 Aug 2005, Zoltan A. Ori wrote:
>
> > My problem is now that I want to change the User-Name attr for students
> > only, to [EMAIL PROTECTED] before proxying it to the other radius
> > server.
> >
>
> >
> > attr_rewrite studenti {
> > attribute = User-Name
> > # may be "packet", "reply", "proxy", "proxy_reply" or
> > "config"
> > searchin = proxy
> > searchfor = "\(*\\.*\)"
> > replacewith = "[EMAIL PROTECTED]"
> > ignore_case = no
> > new_attribute = no
> > max_matches = 10
> > append = no
> > }
> >
> > Can you address me in the right direction?
>
> Read doc/variables.txt.
>
> Use %{0} instead of $1 if the students enter their username as name.surname
>
> Zoltan
Thank you for both answers, I'm now trying with preproxy_users and with
variable substitution.
But I still can't get it to work.
I read the following packet in the pre-proxy log on the proxier
# cat
/var/log/radius/radacct/127.0.0.1/pre-proxy-detail-20050806
Packet-Type = Access-Request
Sat Aug 6 15:23:17 2005
User-Name = "matteo.faleschini"
NAS-IP-Address = 127.0.0.1
Client-IP-Address = 127.0.0.1
Realm = "encrypt"
Proxy-State = 0x3432
So I tried both line (not together) on the preproxy_users file (the first could
have an error inside)
DEFAULT Realm == encrypt
User-Name := [EMAIL PROTECTED]
DEFAULT User-Name =~ "\\."
User-Name := "user.modified"
But on the other radius server I always get this log
Packet-Type = Access-Request
Sat Aug 6 15:20:17 2005
User-Name = "matteo.faleschini"
NAS-IP-Address = 127.0.0.1
Proxy-State = 0x3432
Client-IP-Address = 192.168.1.2
My radiusd.conf file only includes these lines for pre-proxying
pre-proxy {
# attr_rewrite
# If you want to have a log of packets proxied to a home
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
pre_proxy_log
}
I'm I still missing something? like a directive related to the use of the
preproxy_users file?
Thank you,
Matteo Faleschini
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rewriting the User-Name attr
Hi,
i'm looking for some help to rewrite the User-Name attribute.
My problem is:
my organisation has to proxy to two different realms on two different
servers.
one realm is students, the other is professors (some users are handled
locally).
The User-Name of professors is [EMAIL PROTECTED] so it was easy to
prepare a real in proxy.conf named professors
The students realm is not explicetely found in the User-Name attributes
but I can distinguish the students by the presence of a '.' point in the
username.
(I used this rule in the users file
DEFAULT User-Name =~ "\\.", Proxy-To-Realm := encrypt)
My problem is now that I want to change the User-Name attr for students
only, to [EMAIL PROTECTED] before proxying it to the other radius
server.
I was planning to use rlm_attr_rewrite and I see 2 ways to do it:
1) I recognaize the realm by the Proxy-To-Real attr, but I don't know haw
to tell it to the attr_rewrite module
attr_rewrite studenti {
attribute = User-Name
# may be "packet", "reply", "proxy", "proxy_reply" or
"config"
searchin = proxy
searchfor = "$"
replacewith = "@students"
ignore_case = no
new_attribute = no
max_matches = 10
append = no
}
2) I recognaize once again the packet by the presence of a '.' point in
the name but I don't know if I can use a perlish/awkish expression like
attr_rewrite studenti {
attribute = User-Name
# may be "packet", "reply", "proxy", "proxy_reply" or
"config"
searchin = proxy
searchfor = "\(*\\.*\)"
replacewith = "[EMAIL PROTECTED]"
ignore_case = no
new_attribute = no
max_matches = 10
append = no
}
Can you address me in the right direction?
Thank you,
matteo faleschini
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
