hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x)
Bernd
bernd at kroenchenstadt.de
Mon Oct 12 17:12:28 CEST 2015
Am 2015-10-12 16:57, schrieb Herwin Weststrate:
> On 12-10-15 16:43, Bernd wrote:
>> Am 2015-10-12 16:23, schrieb Alan DeKok:
>>> On Oct 12, 2015, at 10:08 AM, Bernd <bernd at kroenchenstadt.de> wrote:
>>>>
>>>> Thanks a lot for your reply, Alan. I deleted it from hints and put
>>>> your snippet into the config, however I still get that error:
>>>
>>> Escape the % with a backslash.
>>
>> Escaped all %'s with a backslash, same problem.
>
> Actually, the % should not be escaped with a slash, but with another %.
> The problem here isn't regex escaping, but xlat that tries to expand
> the
> % variable.
>
> The following piece of code should work:
>
> if (User-Name =~ /bla-bla\/([^%%]+)%%kroenchenstadt.de/) {
> update control {
> User-Name := "%{1}@kroenchenstadt.de"
> }
> }
The code itself seems to work, thanks a lot! However, it still sends a
"=25" (which originates from the forbidden character "%" regarding its
use within a MySQL setup) to the MySQL:
(20) if (&User-Name =~ /@\\./)
(20) if (&User-Name =~ /@\\./) -> FALSE
(20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/)
(20) EXPAND bla-bla/([^%%]+)%%kroenchenstadt.de
(20) --> bla-bla/([^%]+)%kroenchenstadt.de
(20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) -> TRUE
(20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) {
(20) update control {
(20) EXPAND %{1}@kroenchenstadt.de
(20) --> 20082105 at kroenchenstadt.de
(20) User-Name := "20082105 at kroenchenstadt.de"
(20) } # update control = noop
(20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) =
noop
(20) } # filter_username filter_username = noop
(20) [preprocess] = ok
(20) [chap] = noop
(20) [mschap] = noop
(20) [digest] = noop
(20) suffix : Checking for suffix after "@"
(20) suffix : No '@' in User-Name =
"bla-bla/20082105%kroenchenstadt.de", looking up realm NULL
(20) suffix : No such realm "NULL"
(20) [suffix] = noop
(20) eap : No EAP-Message, not doing EAP
(20) [eap] = noop
(20) sql : EXPAND %{User-Name}
(20) sql : --> bla-bla/20082105%kroenchenstadt.de
(20) sql : SQL-User-Name set to 'bla-bla/20082105%kroenchenstadt.de'
rlm_sql (sql): Reserved connection (4)
*****
(20) sql : EXPAND SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(20) sql : --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'bla-bla/20082105=25kroenchenstadt.de' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'bla-bla/20082105=25kroenchenstadt.de'
ORDER BY id'
rlm_sql (sql): Released connection (4)
*****
(20) [sql] = notfound
(20) [expiration] = noop
So, filter in policy.d doesn't really *apply* it as I get from
(20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) =
noop
(20) } # filter_username filter_username = noop
That makes no sense to me because I didn't tell it to noop.
Bernd
> There is no need to escape the hyphen in regex either, so I've removed
> that escape too. I've tested it with 3.0.10.
More information about the Freeradius-Users
mailing list