In article <795d5ee4-7536-431e-926a-98e70efa1...@vt.edu> you wrote:
>
> So, one of my last things here is making sure I can get at the
> stripped usernames for my domain users, as they're authorized by their
> stripped name, not the name w/ which they're authenticating. Forex,
> if I'm using my AD credentials to log in, User-Name = hokies\dawson,
> but I'm authorized for WLAN access as 'dawson,' not 'hokies\dawson.'
>
Although to prevent down the road severe levels of pain when enabling
eduroam you should be using something like 'daw...@hokies.vt.edu', could
you not just use 'ntdomain' (a built in module that will do this for
you)? 'ntdomain' should create Realm and Stripped-User-Name in the
manner you want.
> That's all well and good, as I should just be able to use
> Stripped-User-Name in my queries and it'll be fine (assuming it
> exists, using the :- operator and doing a little logic there, which I
> have working fine). However, I haven't found a way, or maybe just the
> right way, to get the realms module to create that stripped user name
> at the right time, and when I use the perl module to create it and add
> it to the list, it doesn't seem to come out the other side, like so:
>
> [snipped]
>
> I _tried_ getting this working in unlang, but that got mess pretty
> fast, and started complaining about unmatched parens:
>
I was going to ask why you were not doing the perl stuff in unlang. :)
> (1) ? elsif ("%{User-Name}" =~ /^(.*\\)(.*)$/)
> (1) expand: %{User-Name} -> hokies\dawson
> ERROR: Failed compiling regular expression: Unmatched ( or \(
> (1) - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated
>
> where the relevant part of sites-enabled/default authorize section
looks thus:
>
> elsif("%{User-Name}" =~ /^(.*\\)(.*)$/){
> update request{
> Stripped-User-Name := "%{$`}"
> }
> }
>
$' and $` is a perlism. You want something like (look at policy.conf
rewrite.calling_station_id and rewrite.called_station_id as an example):
----
if (User-Name =~ /^[^\\]\\?(.*)$/) {
update request {
Stripped-User-Name := "%{1}"
}
}
----
Untested, but hopefully you get the idea. :)
Cheers
--
Alexander Clouter
.sigmonster says: Sauron is alive in Argentina!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
