Unmatched ( or \(, and, more broadly, setting Stripped-User-Name

Alexander Clouter alex at digriz.org.uk
Thu Jul 14 09:42:45 CEST 2011

In article <795D5EE4-7536-431E-926A-98E70EFA1771 at vt.edu> you wrote:
> So, one of my last things here is making sure I can get at the
> stripped usernames for my domain users, as they're authorized by their
> stripped name, not the name w/ which they're authenticating.  Forex,
> if I'm using my AD credentials to log in, User-Name = hokies\dawson,
> but I'm authorized for WLAN access as 'dawson,' not 'hokies\dawson.'
Although to prevent down the road severe levels of pain when enabling
eduroam you should be using something like 'dawson at hokies.vt.edu', could
you not just use 'ntdomain' (a built in module that will do this for
you)?  'ntdomain' should create Realm and Stripped-User-Name in the
manner you want.

> That's all well and good, as I should just be able to use
> Stripped-User-Name in my queries and it'll be fine (assuming it
> exists, using the :- operator and doing a little logic there, which I
> have working fine).  However, I haven't found a way, or maybe just the
> right way, to get the realms module to create that stripped user name
> at the right time, and when I use the perl module to create it and add
> it to the list, it doesn't seem to come out the other side, like so:
> [snipped]
> I _tried_ getting this working in unlang, but that got mess pretty
> fast, and started complaining about unmatched parens:
I was going to ask why you were not doing the perl stuff in unlang. :)

> (1)    ? elsif ("%{User-Name}" =~ /^(.*\\)(.*)$/)
> (1)     expand: %{User-Name} -> hokies\dawson
> ERROR: Failed compiling regular expression: Unmatched ( or \(
> (1)   - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated
> where the relevant part of sites-enabled/default authorize section 
looks thus:
> elsif("%{User-Name}" =~ /^(.*\\)(.*)$/){
>   update request{
>     Stripped-User-Name := "%{$`}"
>   }
> }
$' and $` is a perlism.  You want something like (look at policy.conf
rewrite.calling_station_id and rewrite.called_station_id as an example):
if (User-Name =~ /^[^\\]\\?(.*)$/) {
  update request {
    Stripped-User-Name := "%{1}"

Untested, but hopefully you get the idea.  :)


Alexander Clouter
.sigmonster says: Sauron is alive in Argentina!

More information about the Freeradius-Users mailing list