Hello
I'm having a look at the RADIUS OUTBOUND Attributes Injection feature for the External Proxy service in ACS version 5.5.0.46.
The use case is:
- ACS uses the External Proxy service to authenticate wireless users with certain domain suffixes
- Sometimes the username Access-Accept comes back with the domain suffix stripped.
- The result of this is:
- ACS logs a successful authentication with the sent username (with suffix)
- ACS sends the Access-Accept to the WLC and the user is listed on the WLC (without suffix)
- Subsequent accounting packets for the user appear in ACS (without suffix)
In the past I've used a freeradius proxy server between ACS and the external proxy to 'rewrite' the username in the Access-Accept so that it matches the username origianlly sent in the Access-Request. The code for this looked something like the following.
Post-proxy {
...
update outer.reply {
User-Name := "%{request:User-Name}"
}
...
}
I'm looking to do the above solely with ACS but I can't see the Radius-ietf username attribute listed under the RADIUS OUTBOUND Attributes Injection feature. Is it possible to rewrite the username attribute in ACS 5.5?
Thanks
Andy