Username Rewrites based on Hint / Realm

Javier Fox jfox at corp.spiritone.com
Wed Oct 15 23:56:51 CEST 2008 

I've tried every permutation of the 'if' line I can think of - quotes, 
no quotes, single-equal, double-equal, equal-tilde - but FreeRadius 
still doesn't like that 'if' line, and errors out with "Line is not in 
'attribute = value' format" on startup.

Again, I apologize if I'm missing something blatantly obvious here, but 
I seem to be following the exact same format as every example on the 
Internet; it just doesn't like it.  Do I need to add some special config 
line so it knows to watch for (and interpret) the unlang statements?  I 
had initially tried using a switch{} block and it complained that it 
didn't know what 'switch' meant.


Thanks,
J. Fox

tnt at kalik.net wrote:
> if(whatever) {
>      update request {
>            User-Name := ...
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 15/10/2008, "Javier Fox" <jfox at corp.spiritone.com> piše:
> 
>> Thanks for the pointer.  I'm not entirely certain as to the proper place
>> to put such a thing, though.  The examples I've been able to pull up
>> show others using 'if' statements and such in the 'authorize' block,
>> after calling preprocess.  However, the following attempt:
>>
>> authorize {
>>
>> 	preprocess
>>
>>         if ( Called-Station-ID =~ /4262606/ ) {
>>             User-Name := "%{Stripped-User-Name}@myispname.com"
>>         }
>>
>> 	...
>> }
>>
>> ....gives me an error of "Line is not in 'attribute = value' format" with
>> the line number of the 'if' statement.  Am I missing something basic here?
>>
>> Thanks,
>> J Fox
>>
>> Stephen Bowman wrote:
>>>
>>> On Wed, Oct 15, 2008 at 3:52 PM, Javier Fox <jfox at corp.spiritone.com
>>> <mailto:jfox at corp.spiritone.com>> wrote:
>>>
>>>     Hi folks,
>>>
>>>     I have a bit of a conundrum trying to implement FreeRadius for a
>>>     system where users from multiple ISP names must all authenticate in
>>>     the same place, and I'm hoping a more experienced user can shed some
>>>     light.
>>>
>>>     In a nutshell, I need to do the following:
>>>     -Check the 'called-station-id' of an incoming RADIUS request
>>>     -If the id is A, B, or C, set a hint/realm flag to "alpha"
>>>     -If the id is D, E, or F, set a hint/realm flag to "beta"
>>>     -If the id is anything else, set a hint/realm flag to "gamma"
>>>     -Based on the value of the hint/realm flag, rewrite the username
>>>     before attempting authentication (by adding '@ispname1',
>>>     '@ispname2', etc.)
>>>     -Conversely, if the username already looks like 'user at ispname',
>>>     leave it alone
>>>
>>>     For completeness' sake, I'm performing the authentication against a
>>>     Postgres database.  In its current state, the system is able to
>>>     happily authenticate users as long as the username is provided in
>>>     the format "username at ispname"; otherwise they are rejected.
>>>
>>>     Our old RADIUS system (using Radiator) appears to call a perl script
>>>     to perform this username rewriting, but that just seems like a nasty
>>>     hack that I'd prefer to avoid.
>>>
>>>     Any advice on this would be immeasurably appreciated.
>>>
>>>     Thanks,
>>>     J. Fox
>>>
>>>
>>> Answer: unlang
>>>
>>> http://freeradius.org/radiusd/man/unlang.html
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list