Nas-IP-Address regexp matching in hints/huntgroups working in 2.2.0 and not in 3.0.13
Alan Buxey
alan.buxey at gmail.com
Thu Dec 7 18:24:20 CET 2017
authorize section of the default virtual server for a vanilla install.
AFTER the modules that service the request but before the first calls to eg
pap and EAP etc
alan
On 7 Dec 2017 3:35 pm, "Gianni Costanzi" <gianni.costanzi at gmail.com> wrote:
> > > 2) if they do not work anymore, how should I implement "if you are user
> > > XXXX (with regexp) and the NAS-IP-Address is not one of the listed
> ones,
> > > then do User-Name manipulation?
> >
> > Use Unlang
> >
> > if ((User-Name =~ /regex/) && \
> > ((NAS-IP-Address =~ /regex/) || \
> > (NAS-IP-Address =~ /regex/) ...
> >
> > But realistically, if you have a list of IP addresses, it's better to
> > put them into groups, and check the group. See "rlm_passwd", and "man
> > rlm_passwd".
> >
> > You can create groups which match a list of addresses (no regex), and
> > then just do group checking.
> >
> > Alan DeKok.
> >
>
> Hi Alan,
> I was thinking about what you've told me yesterday.. I think that matching
> NAS-IP-Addresses in order to set a specific "group" attribute as you've
> suggested can work to replace the huntgroups logic I'm using in the old
> Freeradius 2.2.0 config..
>
> If I've understood well, implementing the hints' file logic I'm using in
> 2.2.0 must be done with Unlang, so the following hints code
>
> DEFAULT User-Name =~ "^(xx[e0][0-9]{3})$", NAS-IP-Address !~
> "10\.10\.1\.11[89]$", NAS-IP-Address !~ "10\.10\.2\.(10|20)$"
> User-Name := "%{User-Name}@imp"
>
> should become this Unlang code:
>
> if (User-Name =~ /^(xx[e0][0-9]{3})$/) \
> && NAS-IP-Address !~ /10\.10\.1\.11[89]$/ \
> && NAS-IP-Adddress !~ /10\.10\.2\.(10|20)$/)
> {
> User-Name := "%{User-Name}@imp"
> }
>
> If this should work, I still don't know in which configuration file I
> should put this code in order to manipulate the User-Name in the
> preprocessing step, before authentication on SQL/files happens.
>
> Best regards,
> Gianni Costanzi
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list