Auth by NAS-Identifier using unlang

[Arran Cudbard-Bell]

On 5 Aug 2013, at 22:37, Joseph Perrin <joseph at lifeonthestreet.org> wrote:

> The following appears to now work, but I don't understand some things:
> 
> files
> 
> if (control:Local-Group != "%{NAS-Identifier}" ) {
> 
> Why does control:Local-Group not need to be enclosed in "%{ }", but NAS-Identifier does?

In 2.x.x bareword left operand is assumed to be an attribute reference. Right bareword operand is assumed to be a number literal, or a member of the set of string values associated with an integer attribute.

LHS/RHS operands are not interchangeable in their roles.

> And why does %{ } content need to be within quotes

It's a string expansion, string expansions only function inside double quotes.  This is similar to variable expansion in most scripting languages.

> , when the documentation doesn't say anything about them needing to be in quotes?

Man unlang

VARIABLES
     Run-time variables are referenced using the following syntax

     		%{Variable-Name}

     Note that unlike C, there is no way to declare variables, or to refer to them  outside  of  a  string
     context.   All  references  to  variables  MUST be contained inside of a double-quoted or back-quoted
     string."

> It's clear I must have a call to "files" prior to this in order to populate the "control" list, right?

Yes.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team