On 14 Jul 2011, at 03:42, Alexander Clouter wrote: > In article <795d5ee4-7536-431e-926a-98e70efa1...@vt.edu> you wrote: > Although to prevent down the road severe levels of pain when enabling > eduroam you should be using something like 'daw...@hokies.vt.edu', could > you not just use 'ntdomain' (a built in module that will do this for > you)? 'ntdomain' should create Realm and Stripped-User-Name in the > manner you want. Are you suggesting that using a prefix domain like that will cause problems, or that I should be using the realms module? I have no problem with using the module, as it's worked well for the proxying side of things, but I need to be able to authorize the users on our domain, and that means I need to get a stripped username and pass it to the DB. I'll poke at it and see if I can get that side working.
> > I was going to ask why you were not doing the perl stuff in unlang. :) > It seemed like a good idea at the time. >> (1) ? elsif ("%{User-Name}" =~ /^(.*\\)(.*)$/) >> (1) expand: %{User-Name} -> hokies\dawson >> ERROR: Failed compiling regular expression: Unmatched ( or \( >> (1) - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated >> >> where the relevant part of sites-enabled/default authorize section > looks thus: >> >> elsif("%{User-Name}" =~ /^(.*\\)(.*)$/){ >> update request{ >> Stripped-User-Name := "%{$`}" >> } >> } >> > $' and $` is a perlism. You want something like (look at policy.conf > rewrite.calling_station_id and rewrite.called_station_id as an example): > ---- > if (User-Name =~ /^[^\\]\\?(.*)$/) { > update request { > Stripped-User-Name := "%{1}" > } > } > ---- > > Untested, but hopefully you get the idea. :) This works a little better: elsif("%{User-Name}" =~ /^(.*)\\\\?(.*)$/){ update request{ Stripped-User-Name := "%{2}" } } But gives this: (5) ? Evaluating ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) -> TRUE (5) ? elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) -> TRUE (5) elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) { (5) - entering elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) {...} (5) update request { (5) expand: %{2} -> (5) } # update request = updated (5) - elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) returns updated (5) - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated .... (5) sql : expand: %{Stripped-User-Name} -> (5) sql : sql_set_user escaped user --> '' Not sure what I should be doing there. Changed it to %{0} and also to %{1} and both gave me hokies\dawson, which was at least successfully written into Stripped-User-Name. Would love some more insight into how unlang handles these things, as I'm sure we'll run into a use for it in the future, even if I manage a realms-based solution to this. Thanks much, - Jacob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html