Nas-IP-Address regexp matching in hints/huntgroups working in 2.2.0 and not in 3.0.13

Alan DeKok aland at deployingradius.com
Fri Dec 15 12:42:31 CET 2017


On Dec 15, 2017, at 6:29 AM, Gianni Costanzi <gianni.costanzi at gmail.com> wrote:
> So I've tried to implement the code I need to replicate what I was using in
> older Freeradius:
> 
>        if (&User-Name =~ /^(xx[e0][0-9]{3})$/ \
>                && NAS-IP-Address !~ /REGEXP/ \
>                && NAS-IP-Address !~ /REGEXP/ \
>                && NAS-IP-Address !~ /REGEXP/ \
>                [...]
>                && NAS-IP-Address !~ /REGEXP/ \
>                && NAS-IP-Address !~ /REGEXP/ {
>                update request {
>                        &User-Name := "%{User-Name}@myrealm"
>                }
>        }
> 
> The problem now is that there are too many conditions and radius server
> does not start:

  As I suggested earlier... see "man rlm_passwd".  You can create local groups for the NASes.

  i.e. instead of listing masses of regular expressions, just create a simple flat file with (a) the IP of the NAS, and (b) the group it should belong to.  You can create a local "NAS-Group" attribute.  See the rlm_passwd documentation for examples.

  Then in the "authorize" section, do:

	if ((User-Name =~ /regex/) && (NAS-Group == "foo")) {
		...
	}

> If I reduce the number of "&& NAS-IP-Address" rows it works.

  Using groups is simpler than large numbers of if / then / else conditions.

  Alan DeKok.
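
The flat-file grouping suggested in the reply above, written out as an added example; it is not configuration from the original thread or from the FreeRADIUS project. The attribute number, the instance name `nas_groups`, the file name, the group names and the addresses are assumptions constructed for illustration; the User-Name regex and realm are the ones quoted in the question.

```conf
# raddb/dictionary: local attribute (name and number are assumptions;
# local attributes use numbers in the 3000-4000 range)
ATTRIBUTE	NAS-Group	3000	string

# raddb/mods-enabled/nas_groups: rlm_passwd instance (instance name assumed)
passwd nas_groups {
	filename = ${confdir}/nas_groups.txt
	delimiter = ":"
	# Field 1: value copied into the request list as NAS-Group ("~").
	# Field 2: lookup key ("*"), holding a comma-separated list (",")
	#          of NAS-IP-Address values that belong to that group.
	format = "~NAS-Group:*,NAS-IP-Address"
	hash_size = 100
}

# raddb/nas_groups.txt: constructed sample data (documentation addresses).
# One line per group; every NAS that must NOT get the realm goes in "norealm".
norealm:192.0.2.10,192.0.2.11,198.51.100.7
foo:203.0.113.5

# Virtual server: run the lookup first, then test the group.
authorize {
	# Adds request:NAS-Group when the NAS-IP-Address is listed in the file;
	# returns notfound (and adds nothing) for unlisted NASes.
	nas_groups

	# Replaces the long chain of "NAS-IP-Address !~ /REGEXP/" tests.
	# The existence check comes first so that an unlisted NAS, which has
	# no NAS-Group attribute at all, is still treated as "not in norealm".
	if ((&User-Name =~ /^(xx[e0][0-9]{3})$/) && \
	    (!&NAS-Group || (&NAS-Group != "norealm"))) {
		update request {
			&User-Name := "%{User-Name}@myrealm"
		}
	}
}
```

Adding or removing a NAS then means editing one line of the flat file rather than the policy; running `radiusd -X` after a change shows whether the module loaded the file and which group each request was assigned.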



