unlang question

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Fri Mar 20 13:50:07 CET 2009


On 20/3/09 12:25, tnt at kalik.net wrote:
>> I do not want visitors to be able to get onto the original service, and I
>> do not want normal users to get onto the visitor service.
>>
>> My thoughts are to set up a new virtual server and add an 'if' statement
>> to look for the visitor user names, and reject or allow as necessary.
>>
>> something like this in the new virtual server
>>
>> if ( Stripped-User-Name != /visitor[0-9]?[0-9]/i ) { reject }
>>
>> and the inverse for the old service.
>>
>> if ( Stripped-User-Name =~ /visitor[0-9]?[0-9]/i ) { reject }
>>
>> Is this syntax correct ? and where do I put it?
>
> What about the service? You probably want:
>

if(("%{request:Service-Type}" == 'whatever') && 
("%{request:Stripped-User-Name}" !~
/visitor[0-9]?[0-9]/i)) {
	reject
}

I don't think naked attribute names were supported in 2.0.5..


>
> That goes in authorize section.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2



More information about the Freeradius-Users mailing list