On Thu, Dec 7, 2017 at 6:24 PM, Alan Buxey <alan.buxey@gmail.com> wrote:
authorize section of the default virtual server for a vanilla install. AFTER the modules that service the request but before the first calls to eg pap and EAP etc
alan
if (User-Name =~ /^(xx[e0][0-9]{3})$/) \ && NAS-IP-Address !~ /10\.10\.1\.11[89]$/ \ && NAS-IP-Adddress !~ /10\.10\.2\.(10|20)$/) { User-Name := "%{User-Name}@imp" }
If this should work, I still don't know in which configuration file I should put this code in order to manipulate the User-Name in the preprocessing step, before authentication on SQL/files happens.
Best regards, Gianni Costanzi
Hi, I've tried to add the following code within authorize section of default virtual server, just after the preprocess directive: preprocess if (&User-Name =~ /^AAAAA$/) { update request { &User-Name := "BBBBB" } } It seems to work (radius debug says noop for that block of code but the User-Name is correctly translated from AAAA to BBBB). So I've tried to implement the code I need to replicate what I was using in older Freeradius: if (&User-Name =~ /^(xx[e0][0-9]{3})$/ \ && NAS-IP-Address !~ /REGEXP/ \ && NAS-IP-Address !~ /REGEXP/ \ && NAS-IP-Address !~ /REGEXP/ \ [...] && NAS-IP-Address !~ /REGEXP/ \ && NAS-IP-Address !~ /REGEXP/ { update request { &User-Name := "%{User-Name}@myrealm" } } The problem now is that there are too many conditions and radius server does not start: including configuration file /etc/raddb/sites-enabled/default /etc/raddb/sites-enabled/default[273]: Reference "(&User-Name =~ /^(xx[e0][0-9]{3})$/ && NAS-IP-Address !~ [...] [...]&& NAS-IP-Address !~ /REGEXP/ ) " is too long Failed expanding section name /etc/raddb/sites-enabled/default[326]: Failed allocating memory for section Errors reading or parsing /etc/raddb/radiusd.conf If I reduce the number of "&& NAS-IP-Address" rows it works. I'd like to implement the following work-around code, splitting the check of NAS-IP-Addresses in multiple If blocks, but I need your help to tell me if and how I can set a temporary variable match_found: if (&User-Name =~ /^(xx[e0][0-9]{3})$/) { match_found = 0 if (NAS-IP-Address =~ /REGEXP/ \ && NAS-IP-Address =~ /REGEXP/ \ && NAS-IP-Address =~ /REGEXP/ \) { match_found = 1 } [...] if (NAS-IP-Address =~ /REGEXP/ \ && NAS-IP-Address =~ /REGEXP/ \ && NAS-IP-Address =~ /REGEXP/ \) { match_found = 1 } if (match_found == 0) { update request { &User-Name := "%{User-Name}@myrealm" } } } The logic would be the same, change the Username only if it matches the username regexp and does not match any of the NAS-IP-Address regexps. Can I allocate a temporary variable like match_found? It doesn't work as I've written above (/etc/raddb/sites-enabled/default[273]: Errors parsing authorize section.). Furthermore, could I have the same "memory allocation for section" error even with the code above? I don't know how radius is working behind the scenes with this Unlang code, so I need your help. Best regards, thank you in advance for any help Gianni Costanzi