unlang?

A.L.M.Buxey at lboro.ac.uk
Fri Jan 18 16:15:41 CET 2008


Hi,

> I am not sure why, I inherited this setup and I am still trying to understand it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
> 
> The "-X" output says:
> 
> WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
>         expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user)
>         expand: o=uol -> o=uol
> 
> What is the replacement for ":-" given I don't know what it did in the first place for "man unlang" to be any help!

If Stripped-User-Name exists, then use that, otherwise use User-Name.
The :- operator is in unlang too - but the expansion check may need to be
rewritten - e.g. %{%{Stripped-User-Name}:-%{User-Name}}

It's only deprecated right now - not too essential.

> 2) Rejecting a user
> 
> I have a specific user account (call it "special") it was barred using:
> 
> special         Auth-Type := Reject
>                 Reply-Message = "Cannot use this user account"
> 
> in the users file.
> 
> Variants like " special", "Special" and "SPECIAL" etc get by this check, and our LDAP server allows them! So I added:
> 
> lower_user = before
> lower_pass = no
> nospace_user = before
> nospace_pass = no
> 
> to radius.conf. These no longer seem to work. How do you achieve this with version 2.0.0?

gosh. a lot of ways of doing this.... you could use the
unlang method to check....eg

if ("%{User-Name}" =~ /^special$/i)
 etc etc etc

or via the attrib filter rewrite

alan
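
An added example, not part of the original message and not FreeRADIUS code: a Python model of the checks discussed above, comparing an exact-match deny list, the anchored case-insensitive regex, and a comparison made after normalising the name. The deny set, the sample requests and the normalisation rule (all whitespace removed, case folded) are assumptions constructed for illustration.

```python
import re

# Constructed deny list; "special" is the account name used in the post.
DENIED = {"special"}

def effective_user(request):
    """Model of %{%{Stripped-User-Name}:-%{User-Name}}:
    use Stripped-User-Name if it is present and non-empty, else User-Name."""
    return request.get("Stripped-User-Name") or request.get("User-Name", "")

def exact_denied(request):
    """Exact string comparison, as a literal users-file entry would do."""
    return effective_user(request) in DENIED

def regex_denied(request):
    """Anchored, case-insensitive match, as in the regex from the reply."""
    return re.search(r"^special$", effective_user(request), re.I) is not None

def canonical(name):
    """Assumed normalisation: remove all whitespace, then fold case."""
    return re.sub(r"\s+", "", name).casefold()

def canonical_denied(request):
    """Normalise first, then compare against the deny list."""
    return canonical(effective_user(request)) in DENIED

# Constructed sample requests (attribute name -> value).
SAMPLES = [
    {"User-Name": "special"},
    {"User-Name": " special"},
    {"User-Name": "Special"},
    {"User-Name": "SPECIAL@realm", "Stripped-User-Name": "SPECIAL"},
    {"User-Name": "user"},
]

def report():
    """Return (name, exact, regex, canonical) for every sample request."""
    return [(effective_user(r), exact_denied(r), regex_denied(r),
             canonical_denied(r)) for r in SAMPLES]

if __name__ == "__main__":
    for name, exact, rx, canon in report():
        print(f"{name!r:12} exact={exact!s:5} regex={rx!s:5} canonical={canon}")
```

The case-insensitive regex covers "Special" and "SPECIAL", but a name with a leading space only matches once whitespace is normalised or the pattern allows for it.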