Question on Unlang
Brian Candler
b.candler at pobox.com
Sat Mar 25 12:25:05 CET 2017
On 25/03/2017 06:07, Olivier CALVANO wrote:
> SubRealm_Exclude {
> network.local
> admin.local
> wifi.local
> }
>
> and after put in if condition :
>
> if ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') && (User-Name =~
> /\\.local/) && (User-Name !~ SubRealm_Exclude) &&
> ("%{Packet-Src-IP-Address}" == "192.168.20.1")) {
> update reply {
> <...>
> }
> }
Regular expressions are your friend:
if (Tunnel-Server-Endpoint:0[0] != '172.16.1.1' && User-Name =~
/\\.local$/ && User-Name !~ /(network|admin|wifi)\\.local$/i && ...)
A couple of notes:
- add '$' to match at the end of string only, otherwise a username like
foo.local@bar.com would match
- add /i flag to do case-insensitive match; otherwise foo@network.local
would be blocked but foo@Network.local would be permitted.
And if you're using freeradius 3.x then it's better to use the newer
attribute reference syntax (&) instead of string expansion:
if (&Tunnel-Server-Endpoint:0[0] != 172.16.1.1 && &User-Name =~
/\\.local$/ && &User-Name !~ /(network|admin|wifi)\\.local$/i && ...)
This means the IP address is compared as an IP address, not as a string
of characters.
HTH,
Brian.
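
The effect of the '$' anchor and the /i flag on the two User-Name clauses, as an added example that is not part of the original message. It models the regexes with Python's re module (an approximation of the regex engine FreeRADIUS is built against); the variant names, the helper functions and the sample usernames are constructed for illustration.

```python
import re

# Each variant is (suffix regex for "=~", exclusion regex for "!~").
# "unanchored" is the reply's expression with '$' and /i removed, for contrast.
VARIANTS = {
    "unanchored": (re.compile(r"\.local"),
                   re.compile(r"(network|admin|wifi)\.local")),
    "anchored": (re.compile(r"\.local$"),
                 re.compile(r"(network|admin|wifi)\.local$")),
    "anchored_icase": (re.compile(r"\.local$"),
                       re.compile(r"(network|admin|wifi)\.local$", re.I)),
}

# Constructed sample usernames covering the cases raised in the notes.
SAMPLES = [
    "alice@corp.local",    # ordinary .local realm, not excluded
    "foo.local@bar.com",   # ".local" inside the user part only
    "foo@network.local",   # excluded sub-realm
    "foo@Network.local",   # excluded sub-realm, different case
    "foo@wifi.LOCAL",      # suffix in upper case
]


def username_clauses_match(user_name, variant):
    """True when User-Name =~ suffix AND User-Name !~ exclusion both hold."""
    suffix, exclusion = VARIANTS[variant]
    return bool(suffix.search(user_name)) and not exclusion.search(user_name)


def evaluate(samples=SAMPLES):
    """Return {username: {variant: bool}} for every sample and variant."""
    return {
        name: {v: username_clauses_match(name, v) for v in VARIANTS}
        for name in samples
    }


if __name__ == "__main__":
    for name, row in evaluate().items():
        cells = "  ".join(f"{v}={'match' if hit else 'no'}" for v, hit in row.items())
        print(f"{name:20} {cells}")
```

Note that the first regex carries no /i flag, so foo@wifi.LOCAL fails the suffix test in every variant and never reaches the exclusion check.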