2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Jun 13 18:05:39 CEST 2007
>
>> Control instead of config ?
>
> Yes. "config" is already used for configuration-file stuff.
Both appear to work and do the same thing when updating things...
Ok,
It appears that either update request is broken,
or something else weird is happening.
if(("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/)) {
    if(("%{2}" == "") || ("%{2}" == "sussex.ac.uk")){
        update request {
            Stripped-User-Name := "%{1}"
            Realm := "local"
        }
    }
    else{
        update request {
            Stripped-User-Name := "%{0}"
            Realm = "%{2}"
        }
    }
}
That sorts out username formatting, means you can use
ntdomain\user@domain, and things will still work *sigh* (never
underestimate the stupidity of your users).
It basically says if the user has no realm or has specified sussex as their
realm, update the request, set Stripped-User-Name to be their username
and set Realm to be "local".
Else set their username as the entire User-Name string and set the
request realm to be their specified Realm.
Later in the config file there's:
# PROXYING LOGIC
# Eventually if we ever need to proxy to multiple locations we can do
# checks here, but for now assume all non local realms go through JRS
if("%{request:Realm}" != "local"){
    update control {
        Proxy-To-Realm := "jrs"
    }
    update request {
        Realm := "jrs"
    }
}
So if the realm is not local then proxy to realm jrs (this is why I was
waiting for the switch statement :) )
++? if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~
/\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/))
expand: %{User-Name} -> ac221
?? Evaluating ("%{User-Name}" =~ /([^-]+)-emergency-/) -> FALSE
expand: %{User-Name} -> ac221
?? Evaluating ("%{User-Name}" =~
/\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/) -> TRUE
++? if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~
/\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/)) -> TRUE
++- entering if (("%{User-Name}" =~ /([^-]+)-emergency-/) ||
("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/))
+++? if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk"))
expand: %{2} ->
?? Evaluating ("%{2}" == "") -> TRUE
?? Skipping ("%{2}" == "sussex.ac.uk")
+++? if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) -> TRUE
+++- entering if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk"))
expand: %{1} -> ac221
++++[request] returns updated
+++- if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) returns updated
+++ ... skipping else for request 0: Preceding "if" was taken
++- if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~
/\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/)) returns updated
++? if ("%{request:Realm}" != "local")
expand: %{request:Realm} ->
? Evaluating ("%{request:Realm}" != "local") -> TRUE
++? if ("%{request:Realm}" != "local") -> TRUE
++- entering if ("%{request:Realm}" != "local")
+++[control] returns updated
See brokenness:
?? Evaluating ("%{2}" == "") -> TRUE
?? Skipping ("%{2}" == "sussex.ac.uk")
+++? if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) -> TRUE
+++- entering if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk"))
expand: %{1} -> ac221
++++[request] returns updated
Stripped-User-Name set to ac221
and I'm guessing Realm set to local...
but then:
++? if ("%{request:Realm}" != "local")
expand: %{request:Realm} ->
No local ?!
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
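
As an added example (not part of the original post and not FreeRADIUS code), the Python model below shows the result the username and proxying blocks above are described as producing, for a few constructed User-Name values. It assumes the config's `\\\\` denotes one literal backslash and that an unset capture expands to an empty string; `normalise`, `LOCAL_REALMS` and the sample names are hypothetical.

```python
import re

# Python renderings of the post's two unlang patterns. Assumptions: the
# config's "\\\\" denotes one literal backslash, and POSIX [:alnum:] is
# written out as its ASCII range.
EMERGENCY = re.compile(r"([^-]+)-emergency-")
USER_REALM = re.compile(r"\\?([^@\\]+)@?([-A-Za-z0-9._]*)?$")
LOCAL_REALMS = {"", "sussex.ac.uk"}  # empty realm or the home realm


def normalise(user_name):
    """Model the attributes the username and proxying blocks are meant to set.

    Returns None when neither pattern matches (the policy then sets nothing).
    """
    # "||" short-circuits, so captures come from the first pattern that matches.
    m = EMERGENCY.search(user_name) or USER_REALM.search(user_name)
    if m is None:
        return None
    user = m.group(1)
    # Assumption: an unset capture expands to "" like the empty %{2} in the debug log.
    realm = (m.group(2) or "") if m.re.groups >= 2 else ""
    if realm in LOCAL_REALMS:
        attrs = {"Stripped-User-Name": user, "Realm": "local"}
    else:
        attrs = {"Stripped-User-Name": m.group(0), "Realm": realm}
    # Proxying block: every non-local realm is sent to "jrs".
    if attrs["Realm"] != "local":
        attrs["Proxy-To-Realm"] = "jrs"
        attrs["Realm"] = "jrs"
    return attrs


# Constructed sample User-Name values (only ac221 appears in the post).
SAMPLES = ["ac221", "ac221@sussex.ac.uk", "SUSSEX\\ac221",
           "ac221-emergency-x", "bob@example.org", "NT\\bob@example.org"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:28} -> {normalise(name)}")
```

In this model `%{0}` for `NT\bob@example.org` is `\bob@example.org`, because the second pattern is not anchored at the start of the string.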