regexp and Group

pepe lopez guildivernos at yahoo.com
Fri Nov 4 14:01:20 CET 2005


Sorry for using HTML, it was not my intention, hope
this is plain text!!

Hi!

I am using the 1.0.5 freeradius version.

radiusd -v
radiusd: FreeRADIUS Version 1.0.5, for host , built on Nov  1 2005 at 16:22:00
Copyright (C) 2000-2003 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

I am trying to use regular expressions with the Group
attribute, but it’s not working the way I expected.

This is what my users file looks like:

DEFAULT Auth-Type := Accept
       Fall-Through = Yes




DEFAULT Group =~ "^test.*"
       Reply-Message = "%{0}",
       Fall-Through = No




DEFAULT Huntgroup-Name == "as_totalcontrol"
       Service-Type = Framed,
       Framed-Protocol = PPP,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-IP-Address = 255.255.255.254,
       Framed-Routing = None,
       Framed-MTU = 1500,
       Reply-Message = "as_totalcontrol",
       Framed-Compression = Van-Jacobson-TCP-IP,
       Fall-Through = No

 

First I tried a radtest with user “test” which belongs
to group “test”

groups test1
test1 : test_group_2

radtest -d /etc/raddb/ test1 test1 172.20.0.88 1  hola 1 172.20.0.88
Sending Access-Request of id 86 to 172.20.0.88:1812
       User-Name = "test1"
       User-Password = "test1"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=86, length=27
       Reply-Message = "test1"


I ran freeradius in debug mode (radiusd -X)

This is the output:

rad_recv: Access-Request packet from host 172.20.0.88:34613, id=86, length=63
       User-Name = "test1"
       User-Password = "test1"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok for request 1
   rlm_realm: No '@' in User-Name = "test1", looking up realm NULL
   rlm_realm: Found realm "NULL"
   rlm_realm: Proxying request from user test1 to realm NULL
   rlm_realm: Adding Realm = "NULL"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 1
   users: Matched entry DEFAULT at line 71
   users: Matched entry DEFAULT at line 123
radius_xlat:  'test1'
 modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  'test1'
Sending Access-Accept of id 86 to 172.20.0.88:34613
       Reply-Message = "test1"
Finished request 1
Going to the next request

Then I tried this:

groups paraprueba
paraprueba : test


radtest -d /etc/raddb/ paraprueba parapeuba 172.20.0.88 1  hola 1 172.20.0.88
Sending Access-Request of id 98 to 172.20.0.88:1812
       User-Name = "paraprueba"
       User-Password = "parapeuba"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 172.20.0.88:1812, id=98, length=79
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-IP-Netmask = 255.255.255.255
       Framed-IP-Address = 255.255.255.254
       Framed-Routing = None
       Framed-MTU = 1500
       Reply-Message = "as_totalcontrol"
       Framed-Compression = Van-Jacobson-TCP-IP


This is radiusd output:

rad_recv: Access-Request packet from host 172.20.0.88:34613, id=98, length=68
       User-Name = "paraprueba"
       User-Password = "parapeuba"
       NAS-IP-Address = 172.20.0.88
       NAS-Port = 1
       Framed-Protocol = PPP
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
 modcall[authorize]: module "preprocess" returns ok for request 2
   rlm_realm: No '@' in User-Name = "paraprueba", looking up realm NULL
   rlm_realm: Found realm "NULL"
   rlm_realm: Proxying request from user paraprueba to realm NULL
   rlm_realm: Adding Realm = "NULL"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 2
   users: Matched entry DEFAULT at line 71
   users: Matched entry DEFAULT at line 147
 modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  'as_totalcontrol'
Sending Access-Accept of id 98 to 172.20.0.88:34613
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-IP-Netmask = 255.255.255.255
       Framed-IP-Address = 255.255.255.254
       Framed-Routing = None
       Framed-MTU = 1500
       Reply-Message = "as_totalcontrol"
       Framed-Compression = Van-Jacobson-TCP-IP
Finished request 2

It seems as if the regular expression was matching
the User-Name attribute instead of the Group
attribute.

I also tried using regular expressions with the
User-Name attribute and they worked as expected.

Is it possible to use regular expressions with Group?

And if so, what am I doing wrong?

Thanks in advance.

Kind regards  
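
Added example (not part of the original post and not FreeRADIUS code): a small check of the two debug traces above against both readings of Group =~ "^test.*", one where the pattern is applied to the user's Unix groups and one where it is applied to User-Name. It assumes users-file line 123 is the regex entry, inferred from request 1 where Reply-Message came back as the %{0} expansion; the function and constant names are hypothetical.

```python
import re

# Excerpts of the two radiusd -X traces from the post (wrapped lines rejoined).
DEBUG_LOG = '''\
rad_recv: Access-Request packet from host 172.20.0.88:34613, id=86, length=63
       User-Name = "test1"
   users: Matched entry DEFAULT at line 71
   users: Matched entry DEFAULT at line 123
radius_xlat:  'test1'
Finished request 1
rad_recv: Access-Request packet from host 172.20.0.88:34613, id=98, length=68
       User-Name = "paraprueba"
   users: Matched entry DEFAULT at line 71
   users: Matched entry DEFAULT at line 147
radius_xlat:  'as_totalcontrol'
Finished request 2
'''
GROUPS = {"test1": ["test_group_2"], "paraprueba": ["test"]}  # `groups` output
PATTERN = re.compile(r"^test.*")   # check item: Group =~ "^test.*"
REGEX_ENTRY_LINE = 123             # assumption: users-file line of that entry

def parse_requests(log):
    """Split radiusd -X output into one record per Access-Request."""
    requests, cur = [], None
    for line in log.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            cur = {"user": None, "matched": [], "xlat": []}
        elif cur is None:
            continue
        elif m := re.search(r'User-Name = "([^"]*)"', line):
            cur["user"] = m.group(1)
        elif m := re.search(r"Matched entry \S+ at line (\d+)", line):
            cur["matched"].append(int(m.group(1)))
        elif m := re.search(r"radius_xlat:\s+'(.*)'", line):
            cur["xlat"].append(m.group(1))
        elif line.startswith("Finished request"):
            requests.append(cur)
            cur = None
    return requests

def predict(hypothesis, user):
    """%{0} the regex entry would produce under a hypothesis, or None."""
    subjects = [user] if hypothesis == "User-Name" else GROUPS[user]
    return next((m.group(0) for s in subjects if (m := PATTERN.search(s))), None)

def consistent(hypothesis, requests):
    """True if the hypothesis explains every observed match and %{0} value."""
    return all(predict(hypothesis, r["user"]) ==
               (r["xlat"][0] if REGEX_ENTRY_LINE in r["matched"] else None)
               for r in requests)

if __name__ == "__main__":
    for h in ("Group", "User-Name"):
        print(h, consistent(h, parse_requests(DEBUG_LOG)))
```

Only the User-Name reading fits both traces: matching on group names would have given %{0} = "test_group_2" for test1 and would have matched paraprueba through its group "test".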


	
		