Attribute filtering with regex problem

John Horne john.horne at plymouth.ac.uk
Tue Oct 24 14:51:18 CEST 2017


Hello,

(Using Freeradius 3.0.13)
I have been modifying our 'mods-config/attr_filter/post-proxy' filter file to
allow through a couple of 'Service-Type' attribute values after proxying.
However, to allow more than one value the only way I can get it to work is to
specify the value as 'ANY'. (Running 'radiusd -X' shows the access-accept
packet being sent out with the attribute.) In particular, I have been trying to
use a regular expression but the attribute always gets filtered out.

This works:

  Service-Type =* ANY,

I have also tried:

  Service-Type =~ /Framed-User|Login-User/,
also
  Service-Type =~ "Framed-User|Login-User",
also
  Service-Type =~ "/Framed-User|Login-User/",
even
  Service-Type =~ Framed-User|Login-User,

These all failed. Running 'radiusd -X' showed no error or warning with the
filter files syntax for the entry, but showed the acess-accept packet being
sent out without the attribute. I finally repeated the above regex entries just
using 'Framed-User' (in case the '|' was causing a problem). These too caused
the attribute to be filtered out.

So my question is, what is the correct syntax for using '=~' with a regex in
the post-proxy filter file?



Thanks,

John.

--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>

This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, Plymouth University accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. Plymouth University does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.



More information about the Freeradius-Users mailing list