If in post-auth

Alexander Clouter alex at digriz.org.uk
Wed Jun 15 20:22:44 CEST 2011 

seb2020 <girard.seb at gmail.com> wrote:
> 
> I have a problem in my post-auth configuration. I have write this with the
> help of my other topic in this forum:
> 
> update reply {
> Tunnel-Type := VLAN
> Tunnel-Medium-Type := IEEE-802
> Tunnel-Private-Group-Id := "unauthorised"
> Termination-Action := RADIUS-Request
> Session-Timeout := 300
> Acct-Interim-Interval := 3600
> }
> 
> if ("%{Aruba-Essid-Name}" == "ssid_student") {
>       if ("%{reply:MailUtilisateur}" =~ /^[a-z0-9._-]+ at students.XXX.ch/) {
>               update reply {
>                       Tunnel-Private-Group-Id := "std"
>                       Aruba-User-Role := "std"
>               }
>       } else {
>               update reply {
>                       Tunnel-Private-Group-Id := "std_false"
>			Aruba-User-Role := "std_false"
>               }
>       }
> }
> elsif ("%{Aruba-Essid-Name}" == "ssid_staff") {
>               if ("%{reply:MailUtilisateur}" =~ /^[a-z0-9._-]+ at XXX.ch/) {
>                       update reply {
>                               Tunnel-Private-Group-Id := "staff"
>                               Aruba-User-Role := "staff"
>                       }
>               } else {
>                       update reply {
>                               Tunnel-Private-Group-Id := "staff_false"
>                               Aruba-User-Role := "staff_false"
>                       }
> }
> 
> And this is the result of radiusd -X :
> 
> Just like it say, Aruba-Essid-Name is : "expand: %{Aruba-Essid-Name} ->
> ssid_staff", but it doesn't work with my if. Why is it not going to the
> elsif ?
>
I suspect it is your use of '} else {', if you use the following 
instead I would not be surprised if it started working:
----
}
else {
----

IIRC FreeRADIUS does not parse that well, after all unlang is not a 
language :)

FYI, I probably would do the above with:
----
if (reply:MailUtilisateur !~ /^[a-z9-0._-]+@(students\.)?XXX\.ch$/) {
	update reply {
		Reply-Message := "Invalid MailUtilisateur Format"
	}
	reject
}

if (Aruba-Essid-Name == "ssid_student") {
	if (($1) && $1 == "students.") {
		update reply {
			Tunnel-Private-Group-Id := "std"
			Aruba-User-Role := "std"
		}
	}
	else {
		update reply {
			Tunnel-Private-Group-Id := "std_false"
			Aruba-User-Role := "std_false"
		}
	}
}
else {
	...
}
----

The regex should extract a usable value when present.

Cheers

-- 
Alexander Clouter
.sigmonster says: wok, n.:
                  	Something to thwow at a wabbit.

More information about the Freeradius-Users mailing list