Problem with regular expression and MySQL

Fabio fabio.ped at libero.it
Wed Jan 18 17:19:52 CET 2006


Hi,
I am using FreeRADIUS 1.0.5 for authenticating wireless users with PEAP and TTLS. I
use a MySQL database for storing the password and the system works well.

However, I have encountered a problem. I use the following line in file users
for checking the passwords of the users that connect from a NAS-ID starting
with NASSQL and having a suffix of "@mydomain.com":
DEFAULT        Freeradius-Proxied-To == 127.0.0.1, NAS-Identifier =~ "^(^(NASSQL))", Suffix == "@mydomain.com", Autz-Type := SQL

The line Freeradius-Proxied-To == 127.0.0.1 is used for checking in the
database only requests that contain the identity internal to the SSL tunnel
and not the anonymous identity (I don't know if this is the right way to do
it, but it's the only solution I have found to work). With this setting the
system runs well.

Now I want only users coming from the domain "@mydomain.com" and
having a name of only numbers to be able to access MySQL, so I changed that line to:
DEFAULT Freeradius-Proxied-To == 127.0.0.1, NAS-Identifier =~ "^(^(NASSQL))", User-Name =~ "^(^[0-9]+)(@mydomain.com)$", Autz-Type := SQL

This seems to work when not using MySQL, but the problem arises when doing
the SQL request: it seems that when using the regular expression the User-Name
gets canceled.

This is the relevant part of the log with Suffix but without regular
expression on the User-Name :

radius_xlat:  '57920'
rlm_sql (sql): sql_set_user escaped user --> '57920'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM login_wireless           WHERE Username = '57920'         ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op           FROM login_wireless           WHERE Username = '


And this is the log with the regular expression on the User-Name:
radius_xlat:  ''
  modcall[authorize]: module "sql" returns fail for request 7
modcall: group Autz-Type returns fail for request 7
  PEAP: Got tunneled reply RADIUS code 0
  PEAP: Unknown RADIUS packet type 0: rejecting tunneled user
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7

Now radius_xlat is '' and not '57920' as in the preceding request.
What am I doing wrong?

Thanks,
 Fabio Pedretti
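
The following is an added example, not part of the original post and not FreeRADIUS code: it checks which User-Name values the posted pattern accepts, next to a variant with the dot escaped. The escaped variant, the helper names and the sample identities are assumptions constructed for illustration, and the example does not address the empty radius_xlat result asked about above.

```python
import re

# Pattern exactly as it appears in the post's users-file line.
POSTED = r"^(^[0-9]+)(@mydomain.com)$"
# Assumed tightened variant (not from the post): the dot is escaped,
# so it no longer stands for "any single character".
ESCAPED = r"^([0-9]+)(@mydomain\.com)$"

# Constructed sample identities, not taken from any real log.
SAMPLES = [
    "57920@mydomain.com",
    "57920@mydomainXcom",
    "57920@mydomain-com",
    "57920",
    "anonymous@mydomain.com",
    "57920@mydomain.com.example",
    "x57920@mydomain.com",
]

def accepted(pattern, names):
    """Return the names the pattern matches, in input order."""
    rx = re.compile(pattern)
    return [n for n in names if rx.search(n)]

def only_in_posted(names):
    """Names the posted pattern accepts but the escaped variant rejects."""
    strict = set(accepted(ESCAPED, names))
    return [n for n in accepted(POSTED, names) if n not in strict]

def split_identity(name):
    """Return (numeric user part, realm), or None if the name is rejected."""
    m = re.search(ESCAPED, name)
    return (m.group(1), m.group(2)) if m else None

if __name__ == "__main__":
    for n in SAMPLES:
        posted = bool(re.search(POSTED, n))
        escaped = bool(re.search(ESCAPED, n))
        print(f"{n:30} posted={posted!s:5} escaped={escaped}")
    print("accepted only by the posted pattern:", only_in_posted(SAMPLES))
```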