diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm index f28c7ee069b7..cd274de7ac6c 100644 --- a/lib/pf/radius.pm +++ b/lib/pf/radius.pm @@ -202,11 +202,7 @@ sub authorize { my $options = {}; # Handling machine auth detection - if ( defined($user_name) && $user_name =~ /^host\// ) { - $logger->info("is doing machine auth with account '$user_name'."); - $node_obj->machine_account($user_name); - $options->{'machine_account'} = $user_name; - } + $self->_machine_auth_detection($user_name,\$node_obj,\$options); if (defined($session_id)) { $node_obj->sessionid($session_id); @@ -233,6 +229,12 @@ sub authorize { if ($rule) { my ($reply, $status) = $filter->handleAnswerInRule({%$rule, merge_answer => 'enabled' }, $args, $radius_request); %$radius_request = %$reply; + $args->{'user_name'} = $switch->parseRequestUsername($radius_request); + if ($user_name ne $args->{'user_name'}) { + $logger->info("Username has been changed from '$user_name' to ".$args->{'user_name'}); + } + $args->{'username'} = $args->{'user_name'}; + $self->_machine_auth_detection($args->{'user_name'},\$node_obj,\$options); } my $result = $role_obj->filterVlan('IsPhone',$args); # determine if we need to perform automatic registration @@ -240,7 +242,7 @@ sub authorize { if (defined($result)) { $args->{'isPhone'} = $result; } elsif ($port) { - $args->{'isPhone'} =$switch->isPhoneAtIfIndex($mac, $port); + $args->{'isPhone'} =$switch->isPhoneAtIfIndex($mac, $port); } else { $args->{'isPhone'} = $FALSE; } @@ -1176,6 +1178,16 @@ sub handleUnboundDPSK { } } +sub _machine_auth_detection { + my ($self, $user_name, $node_obj, $options) = @_; + my $logger = get_logger; + if ( defined($user_name) && $user_name =~ /^host\// ) { + $logger->info("is doing machine auth with account '$user_name'."); + $$node_obj->machine_account($user_name); + $$options->{'machine_account'} = $user_name; + } +} + =back =head1 AUTHOR