Lookup lists / arrays?

David Hartburn D.J.Hartburn at kent.ac.uk
Wed Nov 2 17:42:10 CET 2016 

Thanks.

I think that is one thing I keep failing to get the correct way round 
with FreeRADIUS, you do not do 'if (do something)', you do something 
then check the result with an if. Once you are in the right mind set, it 
does make some quite neat and tidy configs.

It is not quite working though, do you think I'm specifying my file 
correctly? It certainly seems to be reading it in, running with -X:
   # Loading module "eduroam_static_ip" from file 
/etc/raddb-kent/mods-enabled/files
   files eduroam_static_ip {
   	usersfile = "/etc/raddb-kent/eduroam_static_ip"
   	key = "%{Calling-Station-ID}"
   }
.....
   # Instantiating module "eduroam_static_ip" from file 
/etc/raddb-kent/mods-enabled/files
reading pairlist file /etc/raddb-kent/eduroam_static_ip

Then during an auth test:
(10) eduroam_static_ip: EXPAND %{Calling-Station-ID}
(10) eduroam_static_ip:    --> 42-42-42-42-42-42
(10)       [eduroam_static_ip] = noop
(10)       if (ok) {
(10)       if (ok)  -> FALSE

I had tried following closely the MacAuth guide on the wiki 
(https://wiki.freeradius.org/guide/mac-auth), so I added the Reply-To 
after my MACs just to see if having an attribute in there made a 
difference. With a few different formats thrown in, that now reads:
# eduroam_static_ip
#
# Contains a list of MAC addresses to be assigned to a particular VLAN
# so they can obtain a static IP address.
42-42-42-42-42-42
	Reply-Message = "Moooo"
424242424242
	Reply-Message = "Quack"
'42-42-42-42-42-42'
	Reply-Message = "Oink"
"42-42-42-42-42-42"
	Reply-Message = "Woof"

I was expecting only the first one to work, but it is still failing to 
match.

Dave


On 02/11/16 16:02, Phil Mayers wrote:
> On 02/11/16 15:57, David Hartburn wrote:
>
>>
>> The file itself just contains the MAC address I am testing with:
>> 42-42-42-42-42-42
>
> Oh of course, that's even easier. "files" returns "ok" if it matches but
> not otherwise (IIRC). You can just do this:
>
> postauth {
>   eduroam_static_ip
>   if (ok) {
>     update reply ...
>   }
> }
>
> No need to do foreach. I was thinking about the problem the wrong way
> round.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list