In article <795d5ee4-7536-431e-926a-98e70efa1...@vt.edu> you wrote: > > So, one of my last things here is making sure I can get at the > stripped usernames for my domain users, as they're authorized by their > stripped name, not the name w/ which they're authenticating. Forex, > if I'm using my AD credentials to log in, User-Name = hokies\dawson, > but I'm authorized for WLAN access as 'dawson,' not 'hokies\dawson.' > Although to prevent down the road severe levels of pain when enabling eduroam you should be using something like 'daw...@hokies.vt.edu', could you not just use 'ntdomain' (a built in module that will do this for you)? 'ntdomain' should create Realm and Stripped-User-Name in the manner you want.
> That's all well and good, as I should just be able to use > Stripped-User-Name in my queries and it'll be fine (assuming it > exists, using the :- operator and doing a little logic there, which I > have working fine). However, I haven't found a way, or maybe just the > right way, to get the realms module to create that stripped user name > at the right time, and when I use the perl module to create it and add > it to the list, it doesn't seem to come out the other side, like so: > > [snipped] > > I _tried_ getting this working in unlang, but that got mess pretty > fast, and started complaining about unmatched parens: > I was going to ask why you were not doing the perl stuff in unlang. :) > (1) ? elsif ("%{User-Name}" =~ /^(.*\\)(.*)$/) > (1) expand: %{User-Name} -> hokies\dawson > ERROR: Failed compiling regular expression: Unmatched ( or \( > (1) - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated > > where the relevant part of sites-enabled/default authorize section looks thus: > > elsif("%{User-Name}" =~ /^(.*\\)(.*)$/){ > update request{ > Stripped-User-Name := "%{$`}" > } > } > $' and $` is a perlism. You want something like (look at policy.conf rewrite.calling_station_id and rewrite.called_station_id as an example): ---- if (User-Name =~ /^[^\\]\\?(.*)$/) { update request { Stripped-User-Name := "%{1}" } } ---- Untested, but hopefully you get the idea. :) Cheers -- Alexander Clouter .sigmonster says: Sauron is alive in Argentina! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html