Semantics of !~ operator

Alan DeKok aland at deployingradius.com
Fri Apr 24 16:45:02 CEST 2015


On Apr 24, 2015, at 9:33 AM, Gerald Vogt <vogt at spamcop.net> wrote:
> I know that. I just would like to have an experts opinion on what the
> best approach would be.

  It's best to keep changes simple/

> From the top of my head I could think of either rewriting the whole
> users file in unlang and put everything into the authorize sections of
> the default and inner-tunnel and wherever else "files" was referenced.
> That, however, seems like the overkill.

  Maybe.  It's largely up to you.

> So, it would seem more reasonable to keep the users file and instead
> extract the SSID from the Called-Station-Id and create a "local
> variable" which holds the SSID and also a flag whether the realm is
> "local" (i.e. my domain or none aka NULL). However, if I understand the
> unlang man page correctly, there is nothing like a "local variable" but
> only attributes defined in dictionaries and either "abusing" an existing
> attribute or defining my own attribute seems rather odd to me.

  The "local attribute" is intended for this exact purpose.  To create policies which are applicable to you, and no one else.

> Thus, conceptionally: what would be the best approach to get those
> policies working again the way they worked in v2?

  Do the complex things in unlang, and the simple things in the "users" file.

  Alan DeKok.




More information about the Freeradius-Users mailing list