Repeatable problem with Client-Shortname
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 23 22:46:50 CEST 2011
On 06/23/2011 07:25 PM, Brian Candler wrote:
> On Thu, Jun 23, 2011 at 06:04:33PM +0200, Alan DeKok wrote:
>> Brian Candler wrote:
>>> Here's a strange problem: the Client-Shortname attribute won't match a
>>> regexp unless it's inside a string expansion. Simple example:
>>
>> It isn't a real attribute. You can use real attributes by name.
>> "Fake" attributes like (insert list here), you need to use string expansion.
>
> What's the definition of "Fake" here? Client-IP-Address doesn't seem any
> more real...
The difference is that "%{Client-Shortname}" runs through xlat.c and
eventually xlat_packet, which "knows" about magic attributes.
"if (Client-Shortname == ...)" runs through modcall.c and evaluate.c,
ending up in radius_do_cmp. This doesn't know about special attributes;
only real ones, or anything with a paircompare() registered e.g. LDAP-Group.
How, then, does Client-IP-Address work? Ah - rlm_expr registers a
paircompare() for this!
It is confusing.
More information about the Freeradius-Devel
mailing list