unlang?
Alan DeKok
aland at deployingradius.com
Fri Jan 18 16:23:46 CET 2008
Dean, Barry wrote:
> 1) I have the line:
>
> filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
>
> I am not sure why, I inherited this setup and I am still trying to understand it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
In 1.1.7, read doc/variables.txt
> What is the replacement for ":-" given I don't know what it did in the first place for "man unlang" to be any help!
Look for ":-" in "man unlang.
In this case, you want:
filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
Which looks a lot like the example in the "man" page.
> I have a specific user account (call it "special") it was barred using:
>
> special Auth-Type := Reject
> Reply-Message = "Cannot use this user account"
>
> in the users file.
>
> Variants like " special", "Special" and "SPECIAL" etc get by this check, and out LDAP server allows them!, so I added:
>
> lower_user = before
> lower_pass = no
> nospace_user = before
> nospace_pass = no
>
> to radius.conf. These no longer seem to work. How do you achieve this with version 2.0.0?
"man unlang". Look for "case-insensitive". In this case, you would
delete that "users" file entry, and use "unlang"
authorize {
...
if ("%{User-Name}" =~ /special/i) {
update reply {
Reply-Message = "Cannot use this user account"
reject
}
}
...
That should work.
Alan DeKok.
More information about the Freeradius-Users
mailing list