unlang vs suffix

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Nov 13 17:50:11 CET 2013


> I have a simple doubt; I have seen many times a couple of people saying they prefer to use unlang than the suffix directive; what´s the advantage of - supposing proxy.conf is adequately  configured, instead of doing

Suffix is deprecated, it was remove from version 3.x.x because it duplicated behaviour
available with unlang.

If you want to use new versions of the server you don't have a choice.

> 
> 
> suffix
> 
> do instead (ignore the if part, I know it is missing in the example above, it is here just for the sake of clarity):
> 
> 
>         if (!(User-Name =~ /^([^@]*)@(.+)$/)) {
>            update reply {
>               Reply-Message := "malformed username"
>            }
>            reject
>         }
>         else {
>            update request {
>                 Stripped-User-Name := "%{1}"
>                 Realm := "%{2}"
>            }
>            if (Realm == "iscte.pt") {
>               update control {
>                  Proxy-To-Realm := LOCAL
>               }
>            }
>            else {
>               update control {
>                  Proxy-To-Realm := EDUROAM
>               }
>            }
>         }

Suffix is more magic. The logic isn't obvious to someone new to FreeRADIUS, whereas writing it out explicitly in
unlang is easily understandable.

It's also not obvious (by the name) that suffix will also setup proxying, as well as mangling the username.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



More information about the Freeradius-Users mailing list