Problem with regular expression and MySQL
Fabio
fabio.ped at libero.it
Wed Jan 18 17:19:52 CET 2006
Hi,
I am using freeRADIUS 1.0.5 for authenticating wireless users with PEAP and TTLS. I
use a MySQL database for storing the password and the system works well.
However, I have encountered a problem. I use the following line in the users file
for checking the passwords of the users that connect from a NAS-ID starting
with NASSQL and having a suffix of "@mydomain.com":
DEFAULT Freeradius-Proxied-To == 127.0.0.1, NAS-Identifier =~ "^(^(NASSQL))", Suffix == "@mydomain.com", Autz-Type := SQL
The line Freeradius-Proxied-To == 127.0.0.1 is used for checking in the
database only requests that contain the identity internal to the SSL tunnel
and not the anonymous identity (I don't know if this is the right way to do
it, but it's the only solution I found to work). With this setting the
system runs well.
Now I want only users coming from the domain "@mydomain.com" and
having a name of only numbers to be able to access the MySQL, so I changed that line to:
DEFAULT Freeradius-Proxied-To == 127.0.0.1, NAS-Identifier =~ "^(^(NASSQL))", User-Name =~ "^(^[0-9]+)(@mydomain.com)$", Autz-Type := SQL
This seems to work when not using MySQL, but the problem arises when doing
the SQL request: it seems that when using the regular expression the User-Name
got canceled.
This is the relevant part of the log with Suffix but without the regular
expression on the User-Name:
radius_xlat: '57920'
rlm_sql (sql): sql_set_user escaped user --> '57920'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM login_wireless WHERE Username = '57920' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM login_wireless WHERE Username = '
And this is the log with the regular expression on the User-Name:
radius_xlat: ''
modcall[authorize]: module "sql" returns fail for request 7
modcall: group Autz-Type returns fail for request 7
PEAP: Got tunneled reply RADIUS code 0
PEAP: Unknown RADIUS packet type 0: rejecting tunneled user
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
Now radius_xlat is '' and not '57920' as in the preceding request.
What am I doing wrong?
Thanks,
Fabio Pedretti
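
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of which requests the check items on the second DEFAULT line select, run against constructed requests. It assumes Python's re module behaves like the server's regex engine for these patterns; STRICT_LINE, make_request and the sample values are hypothetical, and the model does not reproduce the empty radius_xlat result reported above.

```python
import re

# Second DEFAULT line from the post (users-file check items, comma-separated).
CHECK_LINE = ('DEFAULT Freeradius-Proxied-To == 127.0.0.1, '
              'NAS-Identifier =~ "^(^(NASSQL))", '
              'User-Name =~ "^(^[0-9]+)(@mydomain.com)$", Autz-Type := SQL')
# Assumed stricter variant (not from the post): "[.]" matches only a literal dot.
STRICT_LINE = CHECK_LINE.replace('"^(^[0-9]+)(@mydomain.com)$"',
                                 '"^[0-9]+@mydomain[.]com$"')

ITEM = re.compile(r'\s*([A-Za-z0-9-]+)\s*(==|=~|:=)\s*("[^"]*"|[^,\s]+)')

def parse_check_items(line):
    """Return (attribute, operator, value) tuples for one users-file entry."""
    _entry_name, _, rest = line.partition(' ')
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(rest)]

def selects(line, request):
    """True when every == / =~ item holds; := items assign and are not tested."""
    for attr, op, value in parse_check_items(line):
        if op == ':=':
            continue
        actual = request.get(attr)
        if actual is None:
            return False
        if op == '==' and actual != value:
            return False
        if op == '=~' and re.search(value, actual) is None:
            return False
    return True

def make_request(user, nas='NASSQL-ap1', proxied='127.0.0.1'):
    """Constructed sample request; proxied=None models the outer (untunneled) one."""
    req = {'User-Name': user, 'NAS-Identifier': nas}
    if proxied is not None:
        req['Freeradius-Proxied-To'] = proxied
    return req

if __name__ == '__main__':
    for user in ('57920@mydomain.com', 'fabio@mydomain.com', '57920@mydomainXcom'):
        req = make_request(user)
        print(user, selects(CHECK_LINE, req), selects(STRICT_LINE, req))
```

In the posted pattern the "." in "@mydomain.com" is a regex wildcard, so the constructed name 57920@mydomainXcom is also selected; the bracketed form accepts only the literal domain.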