unlang vs suffix

Khapare Joshi khapare77 at gmail.com
Thu Nov 6 18:08:52 CET 2014


Ah, this is the way to go. So basically disable suffix in both
sites-enabled/default and sites-enabled/inner-tunnel, then have this unlang
in the sites-enabled/default authorized section -- nice.

OK, now you are also proxying sub-domain.iscte.pt; maybe either set
sub-domain.iscte.pt Proxy-To-Realm := LOCAL or reject them. This way you
won't be proxying allpossiblesubdomain.iscte.pt to your EDUROAM.

What is the correct unlang for rejecting or proxying to LOCAL for
subdomain.iscte.pt?

On Wed, Nov 13, 2013 at 4:50 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
> > I have a simple doubt; I have seen many times a couple of people saying
> > they prefer to use unlang than the suffix directive; what's the advantage
> > of - supposing proxy.conf is adequately configured, instead of doing
>
> Suffix is deprecated, it was removed from version 3.x.x because it
> duplicated behaviour available with unlang.
>
> If you want to use new versions of the server you don't have a choice.
>
> >
> >
> > suffix
> >
> > do instead (ignore the if part, I know it is missing in the example
> > above, it is here just for the sake of clarity):
> >
> >
> >         if (!(User-Name =~ /^([^@]*)@(.+)$/)) {
> >            update reply {
> >               Reply-Message := "malformed username"
> >            }
> >            reject
> >         }
> >         else {
> >            update request {
> >                 Stripped-User-Name := "%{1}"
> >                 Realm := "%{2}"
> >            }
> >            if (Realm == "iscte.pt") {
> >               update control {
> >                  Proxy-To-Realm := LOCAL
> >               }
> >            }
> >            else {
> >               update control {
> >                  Proxy-To-Realm := EDUROAM
> >               }
> >            }
> >         }
>
> Suffix is more magic. The logic isn't obvious to someone new to
> FreeRADIUS, whereas writing it out explicitly in
> unlang is easily understandable.
>
> It's also not obvious (by the name) that suffix will also set up proxying,
> as well as mangling the username.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
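
An added example, not part of the original thread and not FreeRADIUS's shipped configuration: one way to write the subdomain handling asked about above, extending the quoted unlang block. The realm name iscte.pt and the LOCAL and EDUROAM targets come from the thread; the "unknown realm" Reply-Message text is an assumption.

```unlang
if (!(User-Name =~ /^([^@]*)@(.+)$/)) {
    update reply {
        Reply-Message := "malformed username"
    }
    reject
}
else {
    # Copy the capture groups first: the regex matches below overwrite %{1} and %{2}.
    update request {
        Stripped-User-Name := "%{1}"
        Realm := "%{2}"
    }
    # Exact realm only, anchored at both ends and case-insensitive,
    # so "ISCTE.PT" is local but "x.iscte.pt" is not.
    if (Realm =~ /^iscte\.pt$/i) {
        update control {
            Proxy-To-Realm := LOCAL
        }
    }
    # Any subdomain of iscte.pt: rejected here, never sent to EDUROAM.
    # The escaped leading dot stops "notiscte.pt" from matching.
    # To handle subdomains locally instead, replace the body of this branch
    # with the same "update control" block used for the exact realm above.
    elsif (Realm =~ /\.iscte\.pt$/i) {
        update reply {
            Reply-Message := "unknown realm"
        }
        reject
    }
    # Everything else is a foreign realm.
    else {
        update control {
            Proxy-To-Realm := EDUROAM
        }
    }
}
```

The branch order matters: the subdomain test has to come before the final else, otherwise unknown subdomains of the home realm fall through to the EDUROAM proxy.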