Re: Pattern Matching in users file

2006-09-18 Thread Alan DeKok
"Garber, Neal" <[EMAIL PROTECTED]> wrote:
> Did I miss something?

  No.  The "hints" file just does more than it's documented to do.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: Pattern Matching in users file

2006-09-18 Thread Garber, Neal
> Which says you *can* use them.  It doesn't say you *can't*
> use anything else.

Thanks Alan.  As always, I appreciate you taking the time to
offer your insight.

Currently, the Wiki, README and sample file only mention 
the example of testing username using prefix/suffix.  If
a more generic statement of purpose for hints existed,
then I would have taken the information about username
testing in the Wiki, the README and the sample file
as just an example.  I haven't found anything, other than
your enlightening response to my question that describes
the overall purpose of hints (i.e., that it can add request
attributes based upon the value of an existing request
attribute).  

Did I miss something?



Re: Pattern Matching in users file

2006-09-16 Thread Alan DeKok
"Garber, Neal" <[EMAIL PROTECTED]> wrote:
> > You can use the "hints" file to do what you want.  It does *not* say
> > you can only use prefix & suffix matching.
> 
> I was referring to the following in the sample hints file:

  Which says you *can* use them.  It doesn't say you *can't* use anything else.

> DEFAULT Cisco-AVPair == "", My-Group := "RadioIP-MAU"
> DEFAULT Cisco-AVPair == "ssid=(.*)", My-Group := "Wireless %{1}"
> DEFAULT My-Group := "Unknown source"

  The first line matches a request.

  The second, and subsequent lines, add attributes to the request.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
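
The layout described in the reply above (check items on the first line, attributes to add on the indented lines after it), written out for the Cisco-AVPair case as an added example; it is not from the original posts or the FreeRADIUS distribution. The attribute number 3000 is an assumed site-local value, and the `=~` operator with `%{1}` is carried over from the syntax quoted elsewhere in this thread.

```text
# Dictionary entry: the local attribute must be defined before it is used.
# (3000 is an assumed number for a site-local attribute that never goes on the wire.)
ATTRIBUTE	My-Group	3000	string

# /etc/raddb/hints
# First line: check items matched against the request.
# Indented lines: attributes added to the request when the entry matches.
DEFAULT	Cisco-AVPair =~ "ssid=(.*)"
	My-Group := "Wireless %{1}"

# Catch-all for requests that carry no ssid AVPair, so that later
# policy never sees a request without My-Group set.
DEFAULT
	My-Group := "Unknown source"
```

Placing the catch-all entry last means any group-based check that follows can treat "Unknown source" as an explicit deny case rather than relying on the attribute being absent.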


RE: Pattern Matching in users file

2006-09-16 Thread Garber, Neal
> You can use the "hints" file to do what you want.  It does *not* say
> you can only use prefix & suffix matching.

I was referring to the following in the sample hints file:

#   Matching can take place with the the Prefix and Suffix
#   attributes, just like in the "users" file.
#   These attributes operate ONLY on the username, though.

And this in the doc/README file:

  Customize the /etc/raddb/hints file. This file is used to give users a
  different login type based on a prefix/suffix of their loginname. For
  example, logging in as "user" may result in a rlogin session to a Unix
  system, and logging in as "Puser" could start a PPP session.

Is there another document that describes matching on other attributes
and how to add new attributes to the request?  I think these paragraphs
need updating.  Are you saying I can do this in hints:

DEFAULT Cisco-AVPair == "", My-Group := "RadioIP-MAU"
DEFAULT Cisco-AVPair == "ssid=(.*)", My-Group := "Wireless %{1}"
DEFAULT My-Group := "Unknown source"

That is, does hints work just like the users file, except it adds any
new attributes to the request?  If so, this is exactly what I need!  If
the syntax or usage is off, can you correct me?

Thanks Alan.



Re: Pattern Matching in users file

2006-09-16 Thread Alan DeKok
"Garber, Neal" <[EMAIL PROTECTED]> wrote:
> Do I need to predefine the attribute name somewhere before 
> I attempt to create it in the users file?

  Yes.  See the dictionaries.

> Are you referring to the doc/processing_users_file?  If so, perhaps I
> misunderstood the bullet within it that reads:
> 
> - The check pairlist of the request is replaced by the tmpcheck pairlist
>   (this is the same as: the check pairlist from the usersfile entry is
>    appended to the pairlist of the request)

  That would be incorrect.  I'll go update it.

> I don't think that will work for me because the hints file doc.
> states it adds attributes solely based upon prefix or suffix of
> the username.  I want to add an attribute based upon the value of
> Cisco-AVPair.  Am I misinterpreting the doc. for hints also?

  You can use the "hints" file to do what you want.  It does *not* say
you can only use prefix & suffix matching.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: Pattern Matching in users file

2006-09-15 Thread Garber, Neal
> You can't use the Group attribute that way.  It's for checking Unix
> groups.  You'll have to create another attribute for your local groups.

Do I need to predefine the attribute name somewhere before 
I attempt to create it in the users file?

>> Also, the Group attribute was added to %RAD_CHECK as opposed to
>> %RAD_REQUEST (Group was not an attribute in the original request).
>  The "users" file is documented as behaving this way.

Are you referring to the doc/processing_users_file?  If so, perhaps I
misunderstood the bullet within it that reads:

- The check pairlist of the request is replaced by the tmpcheck pairlist
  (this is the same as: the check pairlist from the usersfile entry is
   appended to the pairlist of the request)

The phrase in parentheses is what made me think I could add attributes
to the request.  Is this statement incorrect or am I interpreting it
differently than the author intended?  The first part of the bullet
matches what you said and what I experienced.

>  If you want to add an attribute to the request, you have to use the
> "hints" file.

I don't think that will work for me because the hints file doc.
states it adds attributes solely based upon prefix or suffix of
the username.  I want to add an attribute based upon the value of
Cisco-AVPair.  Am I misinterpreting the doc. for hints also?

Thanks again for your help Alan. 




Re: Pattern Matching in users file

2006-09-15 Thread Alan DeKok
"Garber, Neal" <[EMAIL PROTECTED]> wrote:
> DEFAULT Cisco-AVPair =~ "ssid=(.*)", Group := "%{1}"

  You can't use the Group attribute that way.  It's for checking Unix
groups.  You'll have to create another attribute for your local groups.

> Also, the Group attribute was added to %RAD_CHECK as opposed to
> %RAD_REQUEST (Group was not an attribute in the original request).

  The "users" file is documented as behaving this way.

  If you want to add an attribute to the request, you have to use the
"hints" file.


  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog