> -----Original Message----- > From: > [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-> [EMAIL PROTECTED] On > Behalf Of Norbert Grochal > Sent: Saturday, 25 November 2006 00:13 > To: FreeRadius users mailing list > Subject: Re: very long regular expression... > > > Do something like: > > > > modules { > > passwd mac2ok { > > filename = /etc/raddb/mac2ok > > format = "*Calling-Station-Id:~My-Local-String" > > hashsize = 100 > > } > > > > # other modules > > } > > > > authorize { > > preprocess > > mac2ok > > files > > # other modules > > } > > > > Make "/etc/raddb/mac2ok" read: > > > > 008012323244:ok > > 002938475473:ok > > > > ...then in "users" put: > > > > DEFAULT My-Local-String != "ok", Auth-Type := Reject > Reply-Message = > > "calling station id not allowed", Fall-Through = No > > > > # Other config items > > > > Depending on the version of the server, you might need the > following > > in > > /etc/raddb/dictionary: > > > > ATTRIBUTE My-Local-String 3000 string > > OK, It almost works fine, but if there is no mac in my mac2ok > file then users file doesn't put REJECT into Auth-Type. > I have added that line at the begining of users file: > > DEFAULT Auth-Type := REJECT, My-Local-String !* "a" >
Try: DEFAULT My-Local-String !* "a", Auth-Type := REJECT Reply-Message = "No calling station id provided" If the first part is false, the second part does not get tested, which means Auth-Type doesn't get set. When tests have side effects (like assignment) testing order matters. Also, why not test positive instead of negative: DEFAULT My-Local-String == "ok", Auth-Type := ACCEPT Reply-Message = "%u logged on", Other-Attribute = "somevalue" # other reasons for allowing access DEFAULT foo == "bar" ... # reject all others DEFAULT Auth-Type := REJECT Reply-Message = "Access denied" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html