User-Name attribute being evaluated as regular expression???

Alan DeKok aland at deployingradius.com
Thu Apr 24 16:59:26 CEST 2008 

bmccorkle wrote:
>   I have an issue and haven't been able to find any online help.  I thought
> I had freeradius working correctly but discovered yesterday that if a user's
> name starts with 'r' then they can't login.  I setup an unlang if statement
> (in the default sites available) to handle whether the login is a computer,
> user, or pda request (I'm assuming this is the best way to do it).  The
> statement copies the User-Name attribute over to a Stripped-User-Name
> attribute and manipulates the Stripped-User-Name as necessary. Normally when
> a user logs in it's in the format:   DOMAIN\first.lastname.  I created some
> attr_rewrite modules to strip the domain and period out of the username.

  You don't need to do that.  You can just use regular expressions.

> It was working fine, but I discovered if Randy Hall logs in (User-Name =
> DOMAIN\randy.hall); Stripped-User-Name becomes:  
> DOMAIN andy halll   (domain is not removed, the r in his name disappears and
> the last letter seems to be doubled (I tried this with another user and it
> removed the r from his name and doubled the 's' at the end of his name as
> well).

  I think there's an issue with the attr_rewrite module.  Grab the
latest one in CVS.... it may be better.

> So what is going on exactly?  I'm not an expert but it seems like the
> attribute is being evaluated as a regular expression???

  No... I think your configuration is too complex.

>         attr_rewrite copy.user-name {
>         attribute = Stripped-User-Name
>         new_attribute = yes
>         searchfor = ""
>         searchin = packet
>         replacewith = "%{User-Name}"
>         }

  You don't need this.  The regular expression code && unlang can do all
of this.

  It's not clear to me what you're trying to do, because your
configuration is so complex.  Just write a bunch of regular expressions
to match what you want, and use %{1}, etc.

  Try writing a few *simple* examples of what you want to do.  Odds are
you can write a simple regex expression that does everything.  You don't
need attr_rewrite.

	e.g. for : DOMAIN\randy.hall

	if (User-Name =~ /^DOMAIN\\(.*)/) {
		update request {
			Stripped-User-Name := "%{1}"
		}
	}
  I don't see why it has to be more complex than that.


  Alan DeKok.

More information about the Freeradius-Users mailing list