Nas-IP-Address regexp matching in hints/huntgroups working in 2.2.0 and not in 3.0.13
Alan DeKok
aland at deployingradius.com
Fri Dec 15 12:42:31 CET 2017
On Dec 15, 2017, at 6:29 AM, Gianni Costanzi <gianni.costanzi at gmail.com> wrote:
> So I've tried to implement the code I need to replicate what I was using in
> older Freeradius:
>
> if (&User-Name =~ /^(xx[e0][0-9]{3})$/ \
> && NAS-IP-Address !~ /REGEXP/ \
> && NAS-IP-Address !~ /REGEXP/ \
> && NAS-IP-Address !~ /REGEXP/ \
> [...]
> && NAS-IP-Address !~ /REGEXP/ \
> && NAS-IP-Address !~ /REGEXP/ {
> update request {
> &User-Name := "%{User-Name}@myrealm"
> }
> }
>
> The problem now is that there are too many conditions and radius server
> does not start:
As I suggested earlier... see "man rlm_passwd". You can create local groups for the NASes.
i.e. instead of listing masses of regular expressions, just create a simple flat file with (a) the IP of the NAS, and (b) the group it should belong to. You can create a local "NAS-Group" attribute. See the rlm_passwd documentation for examples.
Then in the "authorize" section, do:
if ((User-Name =~ /regex/) && (NAS-Group == "foo")) {
...
}
> If I reduce the number of "&& NAS-IP-Address" rows it works.
Using groups is simpler than large numbers of if / then / else conditions.
Alan DeKok.
More information about the Freeradius-Users
mailing list