Setting different IDLE-TIMEOUTS based on IP Address

John Giordano john.giordano at ttmi.us
Wed Apr 17 22:58:12 CEST 2013 

Yeehaw! 

And *Matthew* (sorry about getting your name wrong in the last email):

The new REGEXP is working as such:

Login OK: [xxxxxx] (from client Seattle port 0)
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 134 to 192.168.0.15 port 65460
        Idle-Timeout = 7
        Tellabs-UAP-CLI := "A8"
        Callback-Id := "Admin"
        Reply-Message += "superuser"
        Reply-Message += "Administrator"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 134 with timestamp +14
Ready to process requests.

So I am thankful I can avoid putting a whole bunch of entries in huntgroups... either manually or through a Perl script.  :)

Cheers!

-jg



-----Original Message-----
From: freeradius-users-bounces+john.giordano=ttmi.us at lists.freeradius.org [mailto:freeradius-users-bounces+john.giordano=ttmi.us at lists.freeradius.org] On Behalf Of John Giordano
Sent: Wednesday, April 17, 2013 1:47 PM
To: FreeRadius users mailing list
Subject: RE: Setting different IDLE-TIMEOUTS based on IP Address

Hi all,

We are very appreciative of the community's support of FreeRADIUS.  

So Michael, I did add the line to sites-enabled/default as u suggested

And now the debug output is showing:

++[preprocess] returns ok
++? if ("%{Huntgroup-Name}")
        expand: %{Huntgroup-Name} -> LAB7000 ? Evaluating ("%{Huntgroup-Name}") -> TRUE
++? if ("%{Huntgroup-Name}") -> TRUE
++- entering if ("%{Huntgroup-Name}") {...}
+++- if ("%{Huntgroup-Name}") returns notfound
++- group authorize returns notfound

When I use the regexp of LAB 7000 == 192.168.0.15 

AND!!!  The right IDLE-TIMEOUT is being handed out!  Woohoo!  Thanks to everyone's help on this list.

I will do some more testing and report back when we tweak the regexp to make it match the whole /24.

-jg



-----Original Message-----
From: freeradius-users-bounces+john.giordano=ttmi.us at lists.freeradius.org [mailto:freeradius-users-bounces+john.giordano=ttmi.us at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: Wednesday, April 17, 2013 1:24 PM
To: FreeRadius users mailing list
Subject: Re: Setting different IDLE-TIMEOUTS based on IP Address

Hi,

On Wed, Apr 17, 2013 at 08:38:36PM +0100, Matthew Newton wrote:
> On Wed, Apr 17, 2013 at 12:32:32PM -0500, John Giordano wrote:
> > So in huntgroups I have:
> > 
> > ### RADIUS HUNTGROUP TEST - jg ###
> > 
> > MSP7345   NAS-IP-Address =~ /^10\.99\.3\./
> > SNJ7000   NAS-IP-Address =~ /^10\.3\.99\./
> > LAB7000   NAS-IP-Address =~ /^192\.168\.0./
> 
> Testing it here, I'm not convinced that =~ is working in the 
> huntgroups file, which slightly surprises me.

OK, this is rather inconsistent behaviour compared to unlang, but after digging in the code, the syntax you want is this:

MSP7345   NAS-IP-Address =~ ^10\.99\.3\.
SNJ7000   NAS-IP-Address =~ ^10\.3\.99\.
LAB7000   NAS-IP-Address =~ ^192\.168\.0.

i.e. don't put the usual /'s around the regex.

Matthew


--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list