post-auth help to simplify

Pizu pizpower at gmail.com
Mon Aug 30 10:20:51 CEST 2021


Hello,

Currently we have the below in the post-auth and I would like to simplify
this.

       if (&LDAP-Group == "RSSO - Group - 01") {
                update reply {
                        &Tunnel-Type := "VLAN"
                        &Tunnel-Medium-Type := "IEEE-802"
                        &Tunnel-Private-Group-Id := "943"
                        &Class := "RSSO-Group-01"
                }
        }
        elsif (&LDAP-Group == " RSSO - Test - Group - 01 ") {
                update Reply {
                        &Tunnel-Type := "VLAN"
                        &Tunnel-Medium-Type := "IEEE-802"
                        &Tunnel-Private-Group-Id := "943"
                        &Class := "RSSO-Test-Group-01"
                }
        }
etc...


We have over 70 groups like this, the above is working but I'd like to
minimize the changes on the freeradius configuration and was thinking of
using regex but not sure if it's possible in my case.
As you can see from the above the LDAP-Group and Class differences are the
spaces.

I was thinking of doing something like the below:

       if (&LDAP-Group =~ /^RSSO/) {  << Match if group starts with RSSO
               update reply {
                       &Tunnel-Type := "VLAN"
                       &Tunnel-Medium-Type := "IEEE-802"
                       &Tunnel-Private-Group-Id := "943"
                       &Class := "${0}" << is it possible to remove
whitespaces? before the update reply?
               }
       }

Regards,

Pizu


More information about the Freeradius-Users mailing list