unlang vs suffix
Khapare Joshi
khapare77 at gmail.com
Thu Nov 6 18:08:52 CET 2014
ah this is the way to go. so basically disable suffix from both
sites-enabled/default and sites-enabled/inner-tunnel, then have this unlang
in sites-enabled/default authorized section -- nice
ok now you are also proxing sub-domain.iscte.pt, maybe either
sub-domain.iscte.pt Proxy-To-Realm := LOCAL or reject them, this way you
won't proxing allpossiblesubdomain.iscte.pt to your EDUROAM,
how is the correct unlang for rejecting or proxy to LOCAL for
subdomain.iscte.pt ?
On Wed, Nov 13, 2013 at 4:50 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:
>
> > I have a simple doubt; I have seen many times a couple of people saying
> they prefer to use unlang than the suffix directive; what´s the advantage
> of - supposing proxy.conf is adequately configured, instead of doing
>
> Suffix is deprecated, it was remove from version 3.x.x because it
> duplicated behaviour
> available with unlang.
>
> If you want to use new versions of the server you don't have a choice.
>
> >
> >
> > suffix
> >
> > do instead (ignore the if part, I know it is missing in the example
> above, it is here just for the sake of clarity):
> >
> >
> > if (!(User-Name =~ /^([^@]*)@(.+)$/)) {
> > update reply {
> > Reply-Message := "malformed username"
> > }
> > reject
> > }
> > else {
> > update request {
> > Stripped-User-Name := "%{1}"
> > Realm := "%{2}"
> > }
> > if (Realm == "iscte.pt") {
> > update control {
> > Proxy-To-Realm := LOCAL
> > }
> > }
> > else {
> > update control {
> > Proxy-To-Realm := EDUROAM
> > }
> > }
> > }
>
> Suffix is more magic. The logic isn't obvious to someone new to
> FreeRADIUS, whereas writing it out explicitly in
> unlang is easily understandable.
>
> It's also not obvious (by the name) that suffix will also setup proxying,
> as well as mangling the username.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141106/8f9ec690/attachment.html>
More information about the Freeradius-Users
mailing list