On Tue, Nov 29, 2016 at 10:27:58AM -0500, David Teston wrote:
I'd like to enable users to enter their username OR serial number as the &User-Name variable, then let /policy.d/filter determine how to process it. This would also require that I add an attribute in the radcheck table and restructure my SQL queries.
The serial number is stored as text. All users know their serial numbers, but not all users have a username which is how this issue arose.
Haven't got a great deal of info about your setup, but I guess you've got somewhere a record with a serial number, password and optional user name. So unlang that looks at the User-Name and if it looks like a serial number, do the appropriate sql/ldap/other database lookup to pull that password into Cleartext-Password. Otherwise if it doesn't look like a serial number, lookup the username instead (watching the null case). Or alternatively, if you detect username not being a serial number, do some unlang to pull the correct appropriate serial number and replace the User-Name attribute with that, then proceed as normal. This sort of thing will work with PAP auth. If you're doing EAP then you can't rewrite the User-Name so will need to come up with something else... but same sort of idea. Look up the username that's relevant based on the form of User-Name you get. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>