Question on Unlang
Olivier CALVANO
o.calvano at gmail.com
Wed Mar 29 17:43:21 CEST 2017
Hi
OK, I have added 'subrealm' into sites-available/default in the authorize
section, but no change.
The module is loaded; I see in the -X logs:
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_files
Module: Instantiating module "subrealm" from file
/etc/raddb/modules/subrealm
files subrealm {
compat = "cistron"
key = "%{Realm}"
}
+++? elsif ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') && (User-Name =~
/\\.local/) && (User-Name !~ /admin\\.local/) && (&control:Tmp-String-0 !=
"Excluded") && ("%{Packet-Src-IP-Address}" == "192.168.50.100"))
?? Evaluating (Tunnel-Server-Endpoint:0[0] != '172.16.1.1') -> TRUE
?? Evaluating (User-Name =~ /\\.local/) -> TRUE
?? Evaluating (User-Name !~ /admin\\.local/) -> TRUE
?? Evaluating (&control:Tmp-String-0 != "Excluded") -> TRUE
expand: %{Packet-Src-IP-Address} -> 192.168.50.100
?? Evaluating ("%{Packet-Src-IP-Address}" == "192.168.50.100") -> TRUE
+++? elsif ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') && (User-Name =~
/\\.local/) && (&control:Tmp-String-0 != "Excluded") &&
("%{Packet-Src-IP-Address}" == "192.168.50.100")) -> TRUE
I see: ?? Evaluating (&control:Tmp-String-0 != "Excluded") -> TRUE
but the domain @network.local is specified in
network.local Tmp-String-0 := "Excluded"
Regards
2017-03-29 17:13 GMT+02:00 Brian Candler <b.candler at pobox.com>:
> On 29/03/2017 15:29, Olivier CALVANO wrote:
>
>> Thanks, I think that the files module is the solution because we
>> actually have 40 domains and in May we add 150 new domains without
>> sub-subdomains
>>
>> A question, because I have tested it but it doesn't work. I have:
>>
>> added in /etc/raddb/modules/subrealm:
>>
>> files subrealm {
>> key = "%{Realm}"
>> filename = ${confdir}/Liste-des-Sous-Realm
>> }
>>
>>
>> in /etc/raddb/Liste-des-Sous-Realm, i have:
>> network.local Tmp-String-0 := "Excluded"
>> admin.local Tmp-String-0 := "Excluded"
>> wifi.local Tmp-String-0 := "Excluded"
>>
>> in my /etc/raddb/policy.d/my.conf:
>>
>> if ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') && (User-Name
>> =~
>> /\\.local/) && (&control:Tmp-String-0 != "Excluded") &&
>> ("%{Packet-Src-IP-Address}" == "192.168.20.1")) {
>> update reply {
>> <...>
>> }
>> }
>> elsif ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') &&
>> (&control:Tmp-String-0 != "Excluded") && ("%{Packet-Src-IP-Address}" ==
>> "192.168.50.1")) {
>> update reply {
>> <...>
>> }
>> }
>>
>>
>> and when I connect with @network.local, every time I have:
>> ?? Evaluating (&control:Tmp-String-0 != "Excluded") -> TRUE
>>
>
> You need to invoke the 'subrealm' module somewhere in your authorize {}
> section. Then your freeradius -X output should show it being invoked, and
> whether it found the realm in there.
>
> Regards,
>
> Brian.
>
>