So, one of my last things here is making sure I can get at the stripped usernames for my domain users, as they're authorized by their stripped name, not the name w/ which they're authenticating. Forex, if I'm using my AD credentials to log in, User-Name = hokies\dawson, but I'm authorized for WLAN access as 'dawson,' not 'hokies\dawson.'
That's all well and good, as I should just be able to use Stripped-User-Name in my queries and it'll be fine (assuming it exists, using the :- operator and doing a little logic there, which I have working fine). However, I haven't found a way, or maybe just the right way, to get the realms module to create that stripped user name at the right time, and when I use the perl module to create it and add it to the list, it doesn't seem to come out the other side, like so:

    rlm_perl: Added pair User-Name = hokies\\dawson
    ...
    rlm_perl: Added pair Stripped-User-Name = dawson
    (1) [perl] = updated
    (1) ? if ("%{Stripped-User-Name}" == "dawson")
    (1) expand: %{Stripped-User-Name} ->
    (1) ? Evaluating ("%{Stripped-User-Name}" == "dawson") -> FALSE
    (1) ? if ("%{Stripped-User-Name}" == "dawson") -> FALSE

I uncommented the func_authorize = authorize line in modules/perl, and the script to which the perl module points has this for its authorize function:

    sub authorize {
        # For debugging purposes only
        # &log_request_attributes;

        # Logic to add stripped user name to request if our realms are recognized
        my $fullUserName = $RAD_REQUEST{'User-Name'};

        #If we have a prefix-determined domain
        if ( $fullUserName =~/^.*\\(\\)?/i){
            $RAD_REPLY{'Stripped-User-Name'} = $';
            return RLM_MODULE_UPDATED;
        }
        #If we have a suffix-determined domain
        elsif ( $fullUserName =~/\@.*$/){
            $RAD_REPLY{'Stripped-User-Name'} = $`;
            return RLM_MODULE_UPDATED;
        }
        return RLM_MODULE_OK;
    }

Obviously, the regexps are working and the logic is working, based on the debug output, but since in the very next line, Stripped-User-Name is blank again, something's not working here.

I _tried_ getting this working in unlang, but that got messy pretty fast, and started complaining about unmatched parens:

    (1) ? elsif ("%{User-Name}" =~ /^(.*\\)(.*)$/)
    (1) expand: %{User-Name} -> hokies\dawson
    ERROR: Failed compiling regular expression: Unmatched ( or \(
    (1) - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated

where the relevant part of sites-enabled/default authorize section looks thus:

    elsif("%{User-Name}" =~ /^(.*\\)(.*)$/){
        update request{
            Stripped-User-Name := "%{$`}"
        }
    }

(I can't tell if the assignment is working or not, since it never gets that far, but I wouldn't be surprised if it shouldn't work in that state)

One of these ought to be writing the Attribute correctly, but not a one of them has worked. Manually writing to the attribute works (Stripped-User-Name:="dawson") but that's hardly the right answer.

I'm out of ideas here. I can't tell if I'm getting unexpected behavior out of FreeRADIUS, or I'm just missing something. Thoughts?

Thanks much,
- Jacob
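
An added example, not code from the original post or from FreeRADIUS: a stand-alone Perl script for the realm-stripping step discussed above, which writes Stripped-User-Name to the request hash and refuses ambiguous names that carry both a prefix and a suffix realm. The `split_realm` helper is hypothetical, the two hashes and the return codes are local stand-ins for what rlm_perl provides, and it assumes an rlm_perl that copies changes to %RAD_REQUEST back into the request list.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins for the hashes and return codes rlm_perl provides (constructed
# here so the script runs outside the server).
our (%RAD_REQUEST, %RAD_REPLY);
use constant { RLM_MODULE_OK => 2, RLM_MODULE_UPDATED => 8 };

# Split "realm\user" or "user@realm" into (user, realm). Returns an empty
# list for plain names and for ambiguous input carrying both delimiters,
# so an authorization lookup never runs on a guessed identity.
sub split_realm {
    my ($name) = @_;
    return if !defined $name || ($name =~ /\\/ && $name =~ /\@/);
    # Prefix form; tolerate a doubled backslash left behind by escaping.
    return ($2, $1) if $name =~ /\A([^\\\@]+)\\{1,2}([^\\\@]+)\z/;
    # Suffix form.
    return ($1, $2) if $name =~ /\A([^\\\@]+)\@([^\\\@]+)\z/;
    return;
}

sub authorize {
    my ($user) = split_realm($RAD_REQUEST{'User-Name'});
    return RLM_MODULE_OK unless defined $user;
    # Request hash, not %RAD_REPLY: an unlang expansion such as
    # %{Stripped-User-Name} reads the request list when no list is named.
    $RAD_REQUEST{'Stripped-User-Name'} = $user;
    return RLM_MODULE_UPDATED;
}

# Constructed sample User-Name values, not taken from real traffic.
for my $name ('hokies\\dawson', 'hokies\\\\dawson', 'dawson@hokies',
              'dawson', 'hokies\\dawson@example') {
    %RAD_REQUEST = ('User-Name' => $name);
    %RAD_REPLY   = ();
    my $rc = authorize();
    printf "%-24s rc=%d request=%s reply=%s\n", $name, $rc,
        $RAD_REQUEST{'Stripped-User-Name'} // '(unset)',
        $RAD_REPLY{'Stripped-User-Name'}   // '(unset)';
}
```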