On 17/06/2014 18:05, Arran Cudbard-Bell wrote:
What modules are you using?
Man, what are we not... The main things are: 1. A bunch of policy modules, in particular one which wraps a linelog instance. This lots a *lot* of conditional logic to generate linelog in the format we want, but keep the main config clean, and uses control:Tmp-String-0 a lot e.g. policy { mylog.authorize { if (...) { update control { Tmp-String-0 := "%{Some-Thing}" } } } } 2. A bunch of rlm_cache modules wrapping some SQL xlats into control:Tmp-String-0, which are then split out into request variables by a policy e.g. modules { cache mydb { update { control:Tmp-String-0 := "%{sql:select foo||','||bar ...}" } } } policy { mydb-lookup { mydb if (control:Tmp-String-0 =~ /^(.+),(.+)$/) { update request { My-Attr = "%{0}" Other-a = "%{1}" } } } } 3. In the 3.x config a foreach over &Cisco-AVPair, string-ified into Tmp-String-0 (see a pattern yet) then regexp-matched e.g. if (Cisco-AVPair) { foreach &Cisco-AVPair { # foreach-variable-x can't be regexp-matched # and need to be string-ified, so we do this # explicitly to avoid doubt update request { Tmp-String-0 := "%{Foreach-Variable-0}" } if (Tmp-String-0 =~ /^audit-session-id=(.+)$/) { update request { IC-Cisco-ASID := "%{1}" } } } } 4. The usual array of eap (peap, mschapv2), mschap w/ ntlm_auth, and as above linelog and sql.