regexp and Group

pepe lopez guildivernos at yahoo.com
Fri Nov 4 02:27:57 CET 2005 

Hi!

I am using the 1.0.5  freeradius version.

 

radiusd -v
radiusd: FreeRADIUS Version 1.0.5, for host , built on Nov  1 2005 at 16:22:00
Copyright (C) 2000-2003 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

I am trying to use regular expressions with the Group attribute, but it’s not working the way I expected.

 

This is how my users file looks like:

 

DEFAULT Auth-Type := Accept
       Fall-Through = Yes




DEFAULT Group =~ "^test.*"
       Reply-Message = "%{0}",
       Fall-Through = No




DEFAULT Huntgroup-Name == "as_totalcontrol"
       Service-Type = Framed,
       Framed-Protocol = PPP,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-IP-Address = 255.255.255.254,
       Framed-Routing = None,
       Framed-MTU = 1500,
       Reply-Message = "as_totalcontrol",
       Framed-Compression = Van-Jacobson-TCP-IP,
       Fall-Through = No



 

First I tried a radtest with user “test” which belongs to group “test”

 

groups test1
test1 : test_group_2

radtest -d /etc/raddb/ test1 test1 172.20.0.88 1  hola 1 172.20.0.88
Sending Access-Request of id 86 to 172.20.0.88:1812
       User-Name = "test1"
       User-Password = "test1"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=86, length=27
       Reply-Message = "test1"




I ran freeradius in debug mode (radiusd –X)

 

This is the output:

 

rad_recv: Access-Request packet from host 172.20.0.88:34613, id=86, length=63
       User-Name = "test1"
       User-Password = "test1"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok for request 1
   rlm_realm: No '@' in User-Name = "test1", looking up realm NULL
   rlm_realm: Found realm "NULL"
   rlm_realm: Proxying request from user test1 to realm NULL
   rlm_realm: Adding Realm = "NULL"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 1
   users: Matched entry DEFAULT at line 71
   users: Matched entry DEFAULT at line 123
radius_xlat:  'test1'
 modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  'test1'
Sending Access-Accept of id 86 to 172.20.0.88:34613
       Reply-Message = "test1"
Finished request 1
Going to the next request

 

Then I tried this:

 

groups paraprueba
paraprueba : test


radtest -d /etc/raddb/ paraprueba parapeuba 172.20.0.88 1  hola 1 172.20.0.88
Sending Access-Request of id 98 to 172.20.0.88:1812
       User-Name = "paraprueba"
       User-Password = "parapeuba"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=98, length=79
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-IP-Netmask = 255.255.255.255
       Framed-IP-Address = 255.255.255.254
       Framed-Routing = None
       Framed-MTU = 1500
       Reply-Message = "as_totalcontrol"
       Framed-Compression = Van-Jacobson-TCP-IP


This is radiusd output:

 

rad_recv: Access-Request packet from host 172.20.0.88:34613, id=98, length=68
       User-Name = "paraprueba"
       User-Password = "parapeuba"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
 modcall[authorize]: module "preprocess" returns ok for request 2
   rlm_realm: No '@' in User-Name = "paraprueba", looking up realm NULL
   rlm_realm: Found realm "NULL"
   rlm_realm: Proxying request from user paraprueba to realm NULL
   rlm_realm: Adding Realm = "NULL"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 2
   users: Matched entry DEFAULT at line 71
   users: Matched entry DEFAULT at line 147
 modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  'as_totalcontrol'
Sending Access-Accept of id 98 to 172.20.0.88:34613
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-IP-Netmask = 255.255.255.255
       Framed-IP-Address = 255.255.255.254
       Framed-Routing = None
       Framed-MTU = 1500
       Reply-Message = "as_totalcontrol"
       Framed-Compression = Van-Jacobson-TCP-IP
Finished request 2

It seems as if the regular expression was matching the User–Name attribute instead of the Group attribute.

 

I also tried using regular expressions with the User-Name attribute and they worked as expected.

 

Is it possible to use regular expressions with Group?

And if it is so what am I doing wrong?

 

Thanks in advance.

Kind regards   



		
---------------------------------
 Yahoo! FareChase - Search multiple travel sites in one click.  
		
---------------------------------
 Yahoo! FareChase - Search multiple travel sites in one click.  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051103/bbafc725/attachment.html>

More information about the Freeradius-Users mailing list