I've tried every permutation of the 'if' line I can think of - quotes,
no quotes, single-equal, double-equal, equal-tilde - but FreeRadius
still doesn't like that 'if' line, and errors out with "Line is not in
'attribute = value' format" on startup.
Again, I apologize if I'm missing something blatantly obvious here, but
I seem to be following the exact same format as every example on the
Internet; it just doesn't like it. Do I need to add some special config
line so it knows to watch for (and interpret) the unlang statements? I
had initially tried using a switch{} block and it complained that it
didn't know what 'switch' meant.
Thanks,
J. Fox
[EMAIL PROTECTED] wrote:
if(whatever) {
update request {
User-Name := ...
Ivan Kalik
Kalik Informatika ISP
Dana 15/10/2008, "Javier Fox" <[EMAIL PROTECTED]> piše:
Thanks for the pointer. I'm not entirely certain as to the proper place
to put such a thing, though. The examples I've been able to pull up
show others using 'if' statements and such in the 'authorize' block,
after calling preprocess. However, the following attempt:
authorize {
preprocess
if ( Called-Station-ID =~ /4262606/ ) {
User-Name := "[EMAIL PROTECTED]"
}
...
}
....gives me an error of "Line is not in 'attribute = value' format" with
the line number of the 'if' statement. Am I missing something basic here?
Thanks,
J Fox
Stephen Bowman wrote:
On Wed, Oct 15, 2008 at 3:52 PM, Javier Fox <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Hi folks,
I have a bit of a conundrum trying to implement FreeRadius for a
system where users from multiple ISP names must all authenticate in
the same place, and I'm hoping a more experienced user can shed some
light.
In a nutshell, I need to do the following:
-Check the 'called-station-id' of an incoming RADIUS request
-If the id is A, B, or C, set a hint/realm flag to "alpha"
-If the id is D, E, or F, set a hint/realm flag to "beta"
-If the id is anything else, set a hint/realm flag to "gamma"
-Based on the value of the hint/realm flag, rewrite the username
before attempting authentication (by adding '@ispname1',
'@ispname2', etc.)
-Conversely, if the username already looks like '[EMAIL PROTECTED]',
leave it alone
For completeness' sake, I'm performing the authentication against a
Postgres database. In its current state, the system is able to
happily authenticate users as long as the username is provided in
the format "[EMAIL PROTECTED]"; otherwise they are rejected.
Our old RADIUS system (using Radiator) appears to call a perl script
to perform this username rewriting, but that just seems like a nasty
hack that I'd prefer to avoid.
Any advice on this would be immeasurably appreciated.
Thanks,
J. Fox
Answer: unlang
http://freeradius.org/radiusd/man/unlang.html
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html