4:27 p.m.
Hi Marc,
At least the logic of what you are trying to do sounds reasonable.
Could you share the relevant config? (of course without secrets, and feel free to remove
or obfuscate the IP addresses as well).
Best regards,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, http://www.switch.ch
On 11.02.20, 08:50, "Marc Sauer" <m.sauer(a)khm.de> wrote:
Hello,
I need to setup a rewrite, that removes the realm when forwarded to the
local Radius server. I've already set up a rewrite with the following
content:
modifyAttribute 1:/^(.*)@mydomain.de$/\1/
My local radius server only accept usernames without the realm. When I
include the realm in the server block of the config file nothing is
changing. The only way it works is when I include it in the client
block. There is a problem when including it in the client block,
though: Since the realm is removed so early, radsecproxy thinks that
it's a user from another organization and forwards it to the top level
radius server. That's not what I want.
So I need the following setup:
User tries to log in with realm @example.com -> Radsecproxy sees thats
it's coming from my organization -> Radsecproxy looks into the server
block of my local radius -> Before sending the request to my local
radius, it removes the @example.com from the username.
Can anyone help me with that setup? I hope my explanation was clear
enough.
Thank you and greetings from Cologne, Germany.
--
Marc Sauer
Linux Systems Administrator
Kunsthochschule für Medien Köln/
Academy of Media Arts Cologne
Peter-Welter-Platz 2
50676 Köln
https://www.khm.de
https://en.khm.de