3.2.0 - huntgroups and regex
Alan DeKok
aland at deployingradius.com
Wed Jul 13 18:13:34 UTC 2022
On Jul 13, 2022, at 1:24 PM, Dave Macias <davama at gmail.com> wrote:
>
> Im attempting to move from FR v3.0.20 (rpm) to v3.2.0 (docker)
>
> Noticing some interesting behavior, mostly with regex and huntgroups
>
> This no longer works in huntgroups
>
> router NAS-Identifier =~
> "[[:alnum:]]+-[[:alnum:]]+-[[:alnum:]]+-(?i)rtr-[[:alnum:]]+"
So far as I know, nothing related to that has changed from 3.0.x to 3.2.
Did you change which regular expression libraries the systems are using?
> If i just do
>
> DEFAULT Ldap-Group == 'router-manager'
> DEFAULT Ldap-Group == 'switch-manager'
>
> then if a user is part of both ldap groups, then it will always match the
> first DEFAULT and not the second.
Yes... see the "Fall-Through" attribute. There's examples in mods-config/files/authorize. The same system works here.
Alan DeKok.
More information about the Freeradius-Users
mailing list