At Mon, 3 Nov 2003 14:12:04 +0200 (EET), Kostas Kalevras wrote: > Thanks for everything Kosta. > On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote: > > > At Mon, 3 Nov 2003 13:39:20 +0200 (EET), > > Kostas Kalevras wrote: > > > > > > On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote: > > > > > > > > > > > Hello to everyone. > > > > This is my first post to the list. I want to have a user that is > > > > allowed to have ISDN or PSTN access and another that should have PSTN > > > > access only. I am using the attribute NAS-Port-Type in the check list > > > > to accomplish this. In the first user I want the NAS-Port-Type to have > > > > values Async or ISDN and in the second I want to have Async only. I am > > > > also using the sql module so my users' authorization data are stored > > > > in an Oracle database. Freeradius version 0.9.2 (latest for now). > > > > My radcheck table looks like > > > > > > > > +--+--------------+------------------+-----+----------- > > > > id username attribute op value > > > > +--+--------------+------------------+-----+----------- > > > > 1 kzorba User-Password == xxxx > > > > 2 kzorba NAS-Port-Type == Async > > > > 3 kzorba NAS-Port-Type == ISDN > > > > 4 mitg User-Password == yyyy > > > > 5 mitg NAS-Port-Type == Async > > > > +--+--------------+------------------+-----+----------- > > > > > > > > I am using the NTradping test utility (as descibed in the O'Reilly > > > > book) but the results are the same when I use a Cisco 3640 > > > > router. When I > > > > am sending one of the 2 allowed values in an > > > > Access-Request for kzorba I always get reject. I tried to put as a > > > > value for NAS-Port-Type "Async-ISDN" in one record instead of 2 and I > > > > always got accept no matter what I sent (even a value besides ISDN or > > > > Async). I only managed to get accept when I have one record with a > > > > specific value (in this case everything works as expected). So the > > > > question is: > > > > How can I express the fact that I want to accept the user when the > > > > attribute has value a OR b? By generalizing can I have boolean > > > > expressions in check items? > > > > Thank you in advance > > > > > > I think that the AND relation of the check items is rather strongly established > > > in the check functions of freeradius. The way i see it you have two choises: > > > 1. Use a regular expression > > > 2. Use the checkval module (check raddb/experimental.conf) > > > > > Thanks for the reply. I believe that the regular expressions can be > > used for string type attributes only. Unfortunately NAS-Port-Type is > > ENUM. I tried it using 'Async|ISDN' as value and it always returned > > accept. By the way what kind of syntax can I use for regexps? Perl > > like? > > Not perl, POSIX. But i do think that Async|ISDN should work. For regular > expressions we always use the string represantion of the attribute (that way > regexs can also work for ipaddr,enum and other attribute types). Try something > like: > > DEFAULT NAS-Port-Type =~ "Async|ISDN" > Reply-Message = "Yes it works" > > in your users file to make sure that it works that way. > > > Also is there any further documentation on the checkval apart > > from experimental.conf? > > No, and i don't think there's any need for. It is a rather simple module > actually. > > > I imagine that I need to enable experimental module support in the > > configure (./configure --with-experimental-modules) and then include > > experimental.conf in radius.conf? > > Yes for the configure part. You won't need to include the whole > experimental.conf file though, only the checkval section. > > > > > > > > > > > Kostas > > > > > > > > > > > > ====================================================== > > > > Kostas Zorbadelos > > > > Currently at: Otenet IT Department > > > > mailto: [EMAIL PROTECTED] > > > > > > > > Out there in the darkness, out there in the night > > > > out there in the starlight, one soul burns brighter > > > > than a thousand suns. > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > > > > > -- > > > Kostas Kalevras Network Operations Center > > > [EMAIL PROTECTED] National Technical University of Athens, Greece > > > Work Phone: +30 210 7721861 > > > 'Go back to the shadow' Gandalf > > > > > > - > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > ====================================================== > > Kostas Zorbadelos > > Currently at: Otenet IT Department > > mailto: [EMAIL PROTECTED] > > > > Out there in the darkness, out there in the night > > out there in the starlight, one soul burns brighter > > than a thousand suns. > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ====================================================== Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
