Problem with regular expressions in users file (v.2.0.x)
Hi all, I was using freeradius version 1.1.1 for a long time on a Scientific Linux v. 5.1 OS and it works fine. Now I am trying to update to the new version 2.0.5. I've converted all the necessary config files (in the /etc/raddb/ directory tree) getting successful authentication. Unfortunately I 've problems with the regular expressions used in the users file, that seems to not work at all. In my radius.conf file exist the following directives: regular_expressions = yes extended_expressions = yes Moreover the ./configure seems to have found the regex.h module and included it at compilation time. The symptom is that the third (but also the fourth for simpler tries) of the following users statements does not match in the case of authentication based on a <username@suffix> style (with Suffix =! "lnf.infn.it"): ----------------------------------------------------------------------------- DEFAULT Auth-Type = Kerberos, Suffix == "lnf.infn.it" DEFAULT Auth-Type = Kerberos, Suffix == "LNF.INFN.IT" DEFAULT Auth-Type := Reject, Suffix =~ "@", Suffix !~ "@(.+\\.|)(infn\\.it|INFN\\.IT)$" DEFAULT Auth-Type := Reject, Suffix =~ "@" ----------------------------------------------------------------------------- I tried several other syntax way, but it seems that regular expressions are disabled. The same users file is regularly working in the version 1.1.1 and 1.1.7 installed on the same system. Can someone help me? Thanks, bye, Massimo -- / | / _____/ / | / _____/ | / / / | / / / / | / / / | / / / | / ___/ _____/ / / | / ___/ / | / / / | / / / / | / / / | / ______/ _/ __/ _/ _/ _/ __/ _/ _/ __/ Massimo Pistoni phone: (+39)-06-9403.2372/2355 Computing Service fax: (+39)-06-9403.2649 LNF-INFN e-mail: Massimo.Pistoni@lnf.infn.it Via Enrico Fermi, 40 www: http://www.lnf.infn.it/ I-00044 Frascati, Italy
Massimo Pistoni wrote:
The symptom is that the third (but also the fourth for simpler tries) of the following users statements does not match in the case of authentication based on a <username@suffix> style (with Suffix =! "lnf.infn.it"): -----------------------------------------------------------------------------
DEFAULT Auth-Type = Kerberos, Suffix == "lnf.infn.it"
DEFAULT Auth-Type = Kerberos, Suffix == "LNF.INFN.IT"
DEFAULT Auth-Type := Reject, Suffix =~ "@", Suffix !~ "@(.+\\.|)(infn\\.it|INFN\\.IT)$"
DEFAULT Auth-Type := Reject, Suffix =~ "@"
Why are you using the Suffix attribute? Why not just perform the checks on the User-Name attribute?
I tried several other syntax way, but it seems that regular expressions are disabled.
The same users file is regularly working in the version 1.1.1 and 1.1.7 installed on the same system.
Do the checks on the User-Name attribute. Quite frankly, I'm surprised that your example did anything in 1.1.x. Alan DeKok.
Thank you Alan, using the User-Name attribute all is OK. For my personal experience, in Information Technology, nothing surprise me anymore! ;-) Bye, thanks, Massimo
Do the checks on the User-Name attribute. Quite frankly, I'm surprised that your example did anything in 1.1.x.
Alan DeKok.
participants (2)
-
Alan DeKok -
Massimo Pistoni