Attribute filter file - realm regex allowed?
Alan DeKok
aland at deployingradius.com
Mon Oct 9 19:38:49 UTC 2023
On Oct 6, 2023, at 10:27 AM, John Horne <john.horne at plymouth.ac.uk> wrote:
> Using FreeRADIUS 3.0.20, is it possible to specify the realm as a regex in the
> attribute filter files (/etc/raddb/mods-config/attr_filter/pre-proxy, and the
> post-proxy file)?
>
> I have tried using:
> ^.*\.plymouth\.ac\.uk$
> ~^.*\.plymouth\.ac\.uk$
> "^.*\.plymouth\.ac\.uk$"
>
> Although none of these cause an error, using radmin with a debug condition
> shows that requests do not match the above but match the DEFAULT entry.
Those files don't support regular expressions.
> If a regex is not allowed, is it possible to do something like:
>
> plymouth.ac.uk
> abc.plymouth.ac.uk
> User-Name =* ANY
> ...
>
> so that both of the realms filter the same attributes?
>
> Or do I need to create a separate entry for each realm specifying the relevant
> attributes in each of them?
Why not just write this all in unlang? See "filtering operators" in:
https://freeradius.org/documentation/freeradius-server/3.2.4/unlang/update.html
if (&Realm =~ /regex/) {
update <list> {
... filter
}
}
Alan DeKok.
More information about the Freeradius-Users
mailing list