unlang?
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri Jan 18 16:15:41 CET 2008
Hi,
> I am not sure why, I inherited this setup and I am still trying to understand it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
>
> The "-X" output says:
>
> WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user)
> expand: o=uol -> o=uol
>
> What is the replacement for ":-" given I don't know what it did in the first place for "man unlang" to be any help!
if Stripped-User-Name exists, then use that, otherwise use User-Name
the :- operator is in unlang too - but the expansion check may need to be
rewritten - eg %{%{Stripped-User-Name}:-%{User-Name}}
its only deprecated right now - not too essential
> 2) Rejecting a user
>
> I have a specific user account (call it "special") it was barred using:
>
> special Auth-Type := Reject
> Reply-Message = "Cannot use this user account"
>
> in the users file.
>
> Variants like " special", "Special" and "SPECIAL" etc get by this check, and out LDAP server allows them!, so I added:
>
> lower_user = before
> lower_pass = no
> nospace_user = before
> nospace_pass = no
>
> to radius.conf. These no longer seem to work. How do you achieve this with version 2.0.0?
gosh. a lot of ways of doing this.... you could use the
unlang method to check....eg
if (%User-Name ~= /^special$/i )
etc etc etc
or via the attrib filter rewrite
alan
More information about the Freeradius-Users
mailing list