Re: proxy wildcard realms (subdomains)
Hello! hi - i after much searching the archives i couldn't find a good way to proxy to subdomains of a domain: [EMAIL PROTECTED] for any number of subdomains under a given domain.com (inlcuding nil). is this possible? (i don't want the username stripped) There are two possible solutions to this. The first is to use the users file to match the User-Name against a regular expression that matches your wishes (using the =~ operator) and setting a Proxy-To-Realm attribute hint when the expression matches. The other possibility - which is much more intuitive - is to apply a patch to the FreeRADIUS sources that allows you to define wildcard realm matching in the realm sections of proxy.conf (where I strongly think it belongs - why would you want to define realms in the *users* file when there are dedicated realm definitions?). The patch was posted by Rok Papez to the users and devel mailing lists some time ago. If you don't find it, just drop me a private mail and I'll send you a copy. BTW, I have recently learned during the TERENA Networking Conference that this patch is in a much more widespread use than I thought it was, being deployed in a worldwide educational RADIUS infrastructure by many countries (some participants of www.eduroam.org). So, you can probably consider it being quite stable. It's a pity that it is not being considered for inclusion into the official source code. Greetings, Stefan Winter -- Stefan WINTER Fondation RESTENA - Rseau Tlinformatique de l'Education Nationale et de la Recherche Ingnieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg email: [EMAIL PROTECTED] tl.: +352 424409-1 http://www.restena.lufax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: proxy wildcard realms (subdomains)
thanks - this works very well. i'm replying so that future searchers of the mailing list archives can see that it does indeed work. working example (etc/raddb/users file for that that couldn't fine which file to edit!) # following is used to map subdomains of *.easynet.co.uk # to be proxied according to the realm easynet.co.uk DEFAULT User-Name =~ @.*\.easynet\.co\.uk$, Proxy-To-Realm := easynet.co.uk # following is used to map subdomains of *.ukonline.co.uk # to be proxied according the realm ukonline.co.uk DEFAULT User-Name =~ @.*\.ukonline\.co\.uk$, Proxy-To-Realm := ukonline.co.uk t -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok Sent: 16 June 2005 17:59 To: FreeRadius users mailing list Subject: Re: proxy wildcard realms (subdomains) Tariq Rashid [EMAIL PROTECTED] wrote: hi - i after much searching the archives i couldn't find a good way to proxy to subdomains of a domain: [EMAIL PROTECTED] for any number of subdomains under a given domain.com (inlcuding nil). is this possible? (i don't want the username stripped) yes. DEFAULT User-Name =~ domain\.com$, Proxy-To-Realm := domain.com Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: proxy wildcard realms (subdomains)
Stefan Winter [EMAIL PROTECTED] wrote: BTW, I have recently learned during the TERENA Networking Conference that this patch is in a much more widespread use than I thought it was, being deployed in a worldwide educational RADIUS infrastructure by many countries (some participants of www.eduroam.org). Wow... So, you can probably consider it being quite stable. It's a pity that it is not being considered for inclusion into the official source code. Hmm... I'll take another look at it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: proxy wildcard realms (subdomains)
Tariq Rashid [EMAIL PROTECTED] wrote: hi - i after much searching the archives i couldn't find a good way to proxy to subdomains of a domain: [EMAIL PROTECTED] for any number of subdomains under a given domain.com (inlcuding nil). is this possible? (i don't want the username stripped) yes. DEFAULT User-Name =~ domain\.com$, Proxy-To-Realm := domain.com Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html