help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Manipulating realm info

From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Manipulating realm info
Date: Thu, 15 Apr 2004 10:26:18 +0300 
Charles Sprickman <address@hidden> wrote:

> It's more complicated than that.  Some users actually will have a full
> username that looks like "address@hidden".  So somehow I need to
> split that at the "@" (or "%") and have the "domain part" available for my
> authentication query...

I see. Use the following Rewrite[1] function:

string
domain_part(string name)
{
        integer i;
        i = index(name, '@');
        if (i != -1) 
           return substr(name, i+1, -1);
        return "";
}

place it in a file (say /some/dir/domain.rw), add to the `rewrite'
section of your raddb/config the following lines

  load-path "/some/dir";
  load "domain.rw";

and then invoke it from your raddb/hints[2], e.g.

DEFAULT   NULL              Auth-Data = "=domain_part(%[User-Name])"

Then you will be able to use the value of Auth-Data as domain part in
your queries. If this attribute is already in use, replace it with
another one (you may create a new attribute for that purpose in your
dictionary).

Make sure you configure your radiusd to locally process @theirdomain.com
(and other similar domains). If there are only few of them, add the
following entries for each realm[3]

theirdomain.com   LOCAL    nostrip

If there are many of them, then the following entry might be the best
choice:

DEFAULT         LOCAL   nostrip

Regards,
Sergey

[1] http://www.gnu.org/software/radius/manual/html_node/radius_104.html#SEC185
[2] http://www.gnu.org/software/radius/manual/html_node/radius_15.html#SEC18
[3] http://www.gnu.org/software/radius/manual/html_node/radius_55.html#SEC124
reply via email to
[Prev in Thread] Current Thread [Next in Thread]