Hello, I have an issue and haven't been able to find any online help. I thought I had FreeRADIUS working correctly but discovered yesterday that if a user's name starts with 'r' then they can't log in. I set up an unlang if statement (in the default file under sites-available) to handle whether the login is a computer, user, or PDA request (I'm assuming this is the best way to do it). The statement copies the User-Name attribute over to a Stripped-User-Name attribute and manipulates the Stripped-User-Name as necessary. Normally when a user logs in it's in the format: DOMAIN\first.lastname. I created some attr_rewrite modules to strip the domain and period out of the username.

It was working fine, but I discovered that if Randy Hall logs in (User-Name = DOMAIN\randy.hall), Stripped-User-Name becomes: DOMAIN andy halll. The domain is not removed, the r in his name disappears, and the last letter seems to be doubled (I tried this with another user and it removed the r from his name and doubled the 's' at the end of his name as well). So what is going on exactly? I'm not an expert, but it seems like the attribute is being evaluated as a regular expression??? I commented out all the attr_rewrite modules except for the one that copies the User-Name over to Stripped-User-Name and noticed the Stripped-User-Name was still incorrect in my LDAP search.

.....attr_rewrite section in RADIUSD.CONF.....

attr_rewrite copy.user-name {
    attribute = Stripped-User-Name
    new_attribute = yes
    searchfor = ""
    searchin = packet
    replacewith = "%{User-Name}"
}

attr_rewrite add-dollar-sign {
    attribute = Stripped-User-Name
    searchfor = "^(host/.*)"
    searchin = packet
    new_attribute = no
    replacewith = "%{1}$"
}

attr_rewrite strip-realm-name {
    attribute = Stripped-User-Name
    new_attribute = no
    searchin = packet
    searchfor = "^(.*[\\/]+)"
    replacewith = ""
    max_matches = 1
}

attr_rewrite remove-domain {
    attribute = Stripped-User-Name
    new_attribute = no
    searchfor = "\.DOMAIN\.EDU"
    searchin = packet
    replacewith = ""
    max_matches = 1
}

attr_rewrite pda-fix {
    attribute = Stripped-User-Name
    new_attribute = no
    searchfor = "@DOMAIN"
    searchin = packet
    replacewith = ""
    max_matches = 1
}

attr_rewrite strip-period {
    attribute = Stripped-User-Name
    new_attribute = no
    searchin = packet
    searchfor = "[.]"
    replacewith = " "
    max_matches = 1
}

.....If statement in default under sites-available.....

#Host Login
if (User-Name =~ /^(host\/.*)/i) {
    copy.user-name
    strip-realm-name
    remove-domain
}
#User Login
elsif (User-Name =~ /^(DOMAIN\\.*)/i) {
    copy.user-name
    strip-realm-name
    strip-period
}
#PDA Login
elsif (User-Name =~ /(@DOMAIN.EDU)/i) {
    copy.user-name
    remove-domain
    strip-period
}
else {
    copy.user-name
    strip-period
}

.....OUTPUT.....

Waking up in 3.9 seconds.
    User-Name = "DOMAIN\\randy.hall"
    Framed-MTU = 1400
    Called-Station-Id = "001a.e210.7420"
    Calling-Station-Id = "000e.3558.6ea4"
    Service-Type = Login-User
    Message-Authenticator = 0x3ee4bc7ed916ea6dc3bdb3d527346d95
    EAP-Message = 0x0202001701474148414e4e415c72616e64792e68616c6c
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 3649
    NAS-IP-Address = 192.168.0.229
    NAS-Identifier = "Company"
+- entering group authorize
++[preprocess] returns ok
    expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.0.229/auth-detail-20080424
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.0.229/auth-detail-20080424
    expand: %t -> Thu Apr 24 10:18:40 2008
++[auth_log] returns ok
++? if (User-Name =~ /^(host\/.*)/i)
? Evaluating (User-Name =~ /^(host\/.*)/i) -> FALSE
++? if (User-Name =~ /^(host\/.*)/i) -> FALSE
++? elsif (User-Name =~ /^(DOMAIN\\.*)/i)
? Evaluating (User-Name =~ /^(DOMAIN\\.*)/i) -> TRUE
++? elsif (User-Name =~ /^(DOMAIN\\.*)/i) -> TRUE
++- entering elsif (User-Name =~ /^(DOMAIN\\.*)/i)
    expand: %{User-Name} -> DOMAIN\randy.hall
copy.user-name: Added attribute Stripped-User-Name with value 'DOMAIN\randy.hall'
+++[copy.user-name] returns ok
    expand: ^(.*[\/]+) -> ^(.*[\/]+)
strip-realm-name: Does not match: Stripped-User-Name = DOMAIN andy.halll
+++[strip-realm-name] returns ok
    expand: [.] -> [.]
    expand:   ->
strip-period: Changed value for attribute Stripped-User-Name from 'DOMAIN andy.halll' to 'DOMAIN andy halll'
+++[strip-period] returns ok
++- elsif (User-Name =~ /^(DOMAIN\\.*)/i) returns ok
++ ... skipping elsif for request 2: Preceding "if" was taken
++ ... skipping else for request 2: Preceding "if" was taken
++[chap] returns noop
++[mschap] returns noop

--
View this message in context: http://www.nabble.com/User-Name-attribute-being-evaluated-as-regular-expression----tp16850734p16850734.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
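
A regression check for the username normalisation this post is trying to achieve, added here as an example and not taken from the post or from FreeRADIUS. It models the intended result for the three login formats with every character treated literally; the sample logins, the function names and the set of "escape letters" used to pick test names like the failing 'r' case are assumptions of the example, not a diagnosis given in the thread.

```python
import re

# Constructed sample logins in the three formats the post describes.
SAMPLES = [
    "DOMAIN\\randy.hall",        # the failing case reported in the post
    "DOMAIN\\nancy.tate",        # constructed
    "DOMAIN\\sam.lee",           # constructed
    "host/LAB-PC1.DOMAIN.EDU",   # constructed
    "randy.hall@DOMAIN.EDU",     # constructed
]

# Letters that form a C-style escape when preceded by a backslash (assumed set).
ESCAPE_LETTERS = "abfnrtv"


def normalise(user_name: str) -> tuple[str, str]:
    """Return (login kind, stripped name), treating every character literally."""
    if re.match(r"^host/", user_name, re.I):
        name = re.sub(r"^.*[\\/]+", "", user_name, count=1)
        return "host", re.sub(r"\.DOMAIN\.EDU$", "", name, count=1, flags=re.I)
    if re.match(r"^DOMAIN\\", user_name, re.I):
        name = re.sub(r"^.*[\\/]+", "", user_name, count=1)
        return "user", name.replace(".", " ", 1)
    if re.search(r"@DOMAIN\.EDU$", user_name, re.I):
        name = re.sub(r"@DOMAIN\.EDU$", "", user_name, count=1, flags=re.I)
        return "pda", name.replace(".", " ", 1)
    return "other", user_name.replace(".", " ", 1)


def escape_prone(user_name: str) -> bool:
    """True if a backslash is followed by a letter that some layer could unescape."""
    return re.search(r"\\[%s]" % ESCAPE_LETTERS, user_name) is not None


def check(samples):
    """Normalise each sample; 'clean' means no control char or realm separator survives."""
    report = []
    for s in samples:
        kind, name = normalise(s)
        clean = not re.search(r"[\x00-\x1f\\/@]", name)
        report.append((s, kind, name, clean, escape_prone(s)))
    return report


if __name__ == "__main__":
    for row in check(SAMPLES):
        print(row)
```

Comparing the Stripped-User-Name the server actually produces against `normalise()` for the `escape_prone` names shows whether a rewrite chain mishandles the backslash before the LDAP lookup ever runs.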