Nested dynamic variable expansion at parse time

Alan DeKok aland at deployingradius.com
Thu Jun 6 18:11:48 CEST 2019 

On Jun 5, 2019, at 9:04 AM, Nitin sidhu <nitin.sidhu23 at gmail.com> wrote:
> I am using FreeRADIUS Version 3.0.17 running on apline linux. I am trying
> to setup some variable under virtual server sections that are referenced at
> multiple points in the virtual server. Essentially trying to make editing
> of the configuration easier and adding more virtual server easier
> 
> Virtual server config is:

  Butchered to the point of illegibility.

> *server tenant1 {sql_instance_name = tenant1sql_db =
> "${sql[${.sql_instance_name}].radius_db}"authorize
> {chap"${..sql_instance_name}"pap}}*

  What the heck is that?  Please post *clear* text.  When you make it hard for people to hep you, they're inclined to not help you.

  From what  can see, you're trying to put module configuration into a virtual server.  You can't do that.  Please don't invent new configuration that isn't supported by the server.

> I followed the documentation:
> https://networkradius.com/doc/3.0.10/raddb/syntax/config_reference.html

  The documentation describes what the server does.  You're doing something else.  So you've taken the syntax, and tried to do something which *isn't* documented.  As perhaps can be expected, it doesn't work.

> I am getting this error:
> 
> freeradius_1  | FreeRADIUS Version 3.0.17

  There's no need to add useless prefixes to every log line.  Just post the debug output as the server produces it.
> 
> Seems like variable is not able to expand in the authorize section.

  Exactly.  You can't just put module configuration into a virtual server and expect it to magically work.

> If i
> dont use variable reference in authorize section and not use nested
> variable reference for *sql_db* then all is working fine.

  Yes.  If you use it as documented, it works.

> Could someone please point me in the right direction as to how i can use
> nested variable reference and variable expansion under authorize section of
> virtual server?

  You can't.

  Perhaps you could explain what goal you're trying to reach.  Right now, you're asking how to implement a particular solution.  But your entire solution is wrong, because you're doing the wrong things.

  So what problem are you having?  Describe it in high-level terms, using simple English.  *Not* via wrong configuration pieces which you think might work.

  Alan DeKok.

More information about the Freeradius-Users mailing list