<div dir="ltr"><div><div>ah this is the way to go. so basically disable suffix from both sites-enabled/default and sites-enabled/inner-tunnel, then have this unlang in sites-enabled/default authorized section -- nice<br><br></div>ok now you are also proxing <a href="http://sub-domain.iscte.pt">sub-domain.iscte.pt</a>, maybe either <a href="http://sub-domain.iscte.pt">sub-domain.iscte.pt</a> Proxy-To-Realm := LOCAL or reject them, this way you won't proxing <a href="http://allpossiblesubdomain.iscte.pt">allpossiblesubdomain.iscte.pt</a> to your EDUROAM,<br><br></div>how is the correct unlang for rejecting or proxy to LOCAL for <a href="http://subdomain.iscte.pt">subdomain.iscte.pt</a> ?<br><br><br><div><br><br><span class="im"></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 4:50 PM, Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
> I have a simple doubt; I have seen many times a couple of people saying they prefer to use unlang than the suffix directive; what´s the advantage of - supposing proxy.conf is adequately configured, instead of doing<br>
<br>
</span>Suffix is deprecated, it was remove from version 3.x.x because it duplicated behaviour<br>
available with unlang.<br>
<br>
If you want to use new versions of the server you don't have a choice.<br>
<span class=""><br>
><br>
><br>
> suffix<br>
><br>
> do instead (ignore the if part, I know it is missing in the example above, it is here just for the sake of clarity):<br>
><br>
><br>
> if (!(User-Name =~ /^([^@]*)@(.+)$/)) {<br>
> update reply {<br>
> Reply-Message := "malformed username"<br>
> }<br>
> reject<br>
> }<br>
> else {<br>
> update request {<br>
> Stripped-User-Name := "%{1}"<br>
> Realm := "%{2}"<br>
> }<br>
> if (Realm == "<a href="http://iscte.pt" target="_blank">iscte.pt</a>") {<br>
> update control {<br>
> Proxy-To-Realm := LOCAL<br>
> }<br>
> }<br>
> else {<br>
> update control {<br>
> Proxy-To-Realm := EDUROAM<br>
> }<br>
> }<br>
> }<br>
<br>
</span>Suffix is more magic. The logic isn't obvious to someone new to FreeRADIUS, whereas writing it out explicitly in<br>
unlang is easily understandable.<br>
<br>
It's also not obvious (by the name) that suffix will also setup proxying, as well as mangling the username.<br>
<br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS Development Team<br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br></div>