Hi! I am using the 1.0.5 freeradius version. radiusd -v radiusd: FreeRADIUS Version 1.0.5, for host , built on Nov 1 2005 at 16:22:00 Copyright (C) 2000-2003 The FreeRADIUS server project. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. I am trying to use regular expressions with the Group attribute, but its not working the way I expected. This is how my users file looks like: DEFAULT Auth-Type := Accept Fall-Through = Yes DEFAULT Group =~ "^test.*" Reply-Message = "%{0}", Fall-Through = No DEFAULT Huntgroup-Name == "as_totalcontrol" Service-Type = Framed, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-IP-Address = 255.255.255.254, Framed-Routing = None, Framed-MTU = 1500, Reply-Message = "as_totalcontrol", Framed-Compression = Van-Jacobson-TCP-IP, Fall-Through = No First I tried a radtest with user test which belongs to group test groups test1 test1 : test_group_2 radtest -d /etc/raddb/ test1 test1 172.20.0.88 1 hola 1 172.20.0.88 Sending Access-Request of id 86 to 172.20.0.88:1812 User-Name = "test1" User-Password = "test1" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=86, length=27 Reply-Message = "test1" I ran freeradius in debug mode (radiusd X) This is the output: rad_recv: Access-Request packet from host 172.20.0.88:34613, id=86, length=63 User-Name = "test1" User-Password = "test1" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_realm: No '@' in User-Name = "test1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Proxying request from user test1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 users: Matched entry DEFAULT at line 71 users: Matched entry DEFAULT at line 123 radius_xlat: 'test1' modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: 'test1' Sending Access-Accept of id 86 to 172.20.0.88:34613 Reply-Message = "test1" Finished request 1 Going to the next request Then I tried this: groups paraprueba paraprueba : test radtest -d /etc/raddb/ paraprueba parapeuba 172.20.0.88 1 hola 1 172.20.0.88 Sending Access-Request of id 98 to 172.20.0.88:1812 User-Name = "paraprueba" User-Password = "parapeuba" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=98, length=79 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Framed-IP-Address = 255.255.255.254 Framed-Routing = None Framed-MTU = 1500 Reply-Message = "as_totalcontrol" Framed-Compression = Van-Jacobson-TCP-IP This is radiusd output: rad_recv: Access-Request packet from host 172.20.0.88:34613, id=98, length=68 User-Name = "paraprueba" User-Password = "parapeuba" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 rlm_realm: No '@' in User-Name = "paraprueba", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Proxying request from user paraprueba to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 71 users: Matched entry DEFAULT at line 147 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: 'as_totalcontrol' Sending Access-Accept of id 98 to 172.20.0.88:34613 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Framed-IP-Address = 255.255.255.254 Framed-Routing = None Framed-MTU = 1500 Reply-Message = "as_totalcontrol" Framed-Compression = Van-Jacobson-TCP-IP Finished request 2 It seems as if the regular expression was matching the UserName attribute instead of the Group attribute. I also tried using regular expressions with the User-Name attribute and they worked as expected. Is it possible to use regular expressions with Group? And if it is so what am I doing wrong? Thanks in advance. Kind regards --------------------------------- Yahoo! FareChase - Search multiple travel sites in one click. --------------------------------- Yahoo! FareChase - Search multiple travel sites in one click.
Sorry fot using html it was not my intention, hope this is pain text !! Hi! I am using the 1.0.5 freeradius version. radiusd -v radiusd: FreeRADIUS Version 1.0.5, for host , built on Nov 1 2005 at 16:22:00 Copyright (C) 2000-2003 The FreeRADIUS server project. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. I am trying to use regular expressions with the Group attribute, but its not working the way I expected. This is how my users file looks like: DEFAULT Auth-Type := Accept Fall-Through = Yes DEFAULT Group =~ "^test.*" Reply-Message = "%{0}", Fall-Through = No DEFAULT Huntgroup-Name == "as_totalcontrol" Service-Type = Framed, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-IP-Address = 255.255.255.254, Framed-Routing = None, Framed-MTU = 1500, Reply-Message = "as_totalcontrol", Framed-Compression = Van-Jacobson-TCP-IP, Fall-Through = No First I tried a radtest with user test which belongs to group test groups test1 test1 : test_group_2 radtest -d /etc/raddb/ test1 test1 172.20.0.88 1 hola 1 172.20.0.88 Sending Access-Request of id 86 to 172.20.0.88:1812 User-Name = "test1" User-Password = "test1" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=86, length=27 Reply-Message = "test1" I ran freeradius in debug mode (radiusd X) This is the output: rad_recv: Access-Request packet from host 172.20.0.88:34613, id=86, length=63 User-Name = "test1" User-Password = "test1" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP Processing the authorize! section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_realm: No '@' in User-Name = "test1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Proxying request from user test1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 users: Matched entry DEFAULT at line 71 users: Matched entry DEFAULT at line 123 radius_xlat: 'test1' modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: 'test1' Sending Access-Accept of id 86 to 172.20.0.88:34613 Reply-Message = "test1" Finished request 1 Going to the next request Then I tried this: groups paraprueba paraprueba : test radtest -d /etc/raddb/ paraprueba parapeuba 172.20.0.88 1 hola 1 172.20.0.88 Sending Access-Request of id 98 to 172.20.0.88:1812 User-Name = "paraprueba" User-Password = "parapeuba" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=98, length=79 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Framed-IP-Address = 255.255.255.254 Framed-Routing = None Framed-MTU = 1500 Reply-Message = "as_totalcontrol" Framed-Compression = Van-Jacobson-TCP-IP This is radiusd output: rad_recv: Access-Request packet from host 172.20.0.88:34613, id=98, length=68 User-Name = "paraprueba" User-Password = "parapeuba" NAS-IP-Address = 172.20.0.88 NAS-Port = 1 Framed-Protocol = PPP Processing the ! authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 rlm_realm: No '@' in User-Name = "paraprueba", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Proxying request from user paraprueba to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 71 users: Matched entry DEFAULT at line 147 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: 'as_totalcontrol' Sending Access-Accept of id 98 to 172.20.0.88:34613 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Framed-IP-Address = 255.255.255.254 Framed-Routing = None Framed-MTU = 1500 Reply-Message = "as_totalcontrol" Framed-Compression = Van-Jacobson-TCP-IP Finished request 2 It seems as if the regular _expression was matching the UserName attribute instead of the Group attribute. I also tried using regular expressions with the User-Name attribute and they worked as expected. Is it possible to use regular expressions with Group? And if it is so what am I doing wrong? Thanks in advance. Kind regards __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
participants (1)
-
pepe lopez