Hi, I’m looking for a way to select a realm based on RADIUS attributes in the request. From debug logs I can see that everything I send gets sent to perl module also:
Is it possible to map this value to the actual realm in PrivacyIdea?
Similar question was asked here: 782 however in our case requests are coming from the same device so we can’t differentiate users using authorization policy and setrealm.
It’s not a show stopper, I could probably have all the users in one default realm too. It would be nice however for the future to have different realms so we could set different policies per realm if needed
I think this would be a useful feature to have. For example in our case we use Clearpass as our centralized RADIUS server and all the requests come from there, so the requests have same IP addresses etc.
Other option would be do some sort of pre processing with FreeRADIUS to set Realm attribute to value in Callback-Id. Realm seems to be internal to FreeRADIUS and not part of any standard dictionaries so I can’t set it in Clearpass.
Dirty workaround for this is also to edit /etc/raddb/dictionary and just change Callback-Id to Realm… I tried it and seems to work