Re: Confused by doc/variables.txt

2004-05-10 Thread Craig Huckabee


Alan DeKok wrote:

> Craig Huckabee [EMAIL PROTECTED] wrote:
>
>> However, if I use this:
>>
>> DEFAULT User-Name =~  ^([^/]+)/(.*)
>>    Foo = `%{2}`
>> ...
>> then attempt to look at Foo using %{reply:Foo}, I get the expected value
>> and the filter works.
>
>   Try the original, but look for foo in %{Foo}, or %{request:Foo}
>
>   Alan DeKok.

Doesn't work - both %{Foo} and %{request:Foo} come back empty when 
setting Foo on the check line in users.

:(

Anything else you can think of ?

--Craig

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Confused by doc/variables.txt

2004-05-10 Thread Alan DeKok
Craig Huckabee [EMAIL PROTECTED] wrote:
> Doesn't work - both %{Foo} and %{request:Foo} come back empty when
> setting Foo on the check line in users.

  Hmm...

> Anything else you can think of ?

  Try using another attribute.

  Or, follow the code execution in src/modules/rlm_files/rlm_files.c

  Alan DeKok.



Re: Confused by doc/variables.txt

2004-05-10 Thread Craig Huckabee


Alan DeKok wrote:

> Craig Huckabee [EMAIL PROTECTED] wrote:
>
>> Doesn't work - both %{Foo} and %{request:Foo} come back empty when
>> setting Foo on the check line in users.
>
>   Hmm...
>
>> Anything else you can think of ?
>
>   Try using another attribute.
>
>   Or, follow the code execution in src/modules/rlm_files/rlm_files.c
>
>   Alan DeKok.

I may try the latter later on today.  Thanks!

--Craig



--
/ Craig Huckabee|  e-mail: [EMAIL PROTECTED] /
/ Code 715-CH   |   phone: (843) 218 5653   /
/ SPAWAR Systems Center | close proximity: Hey You!   /
/ Charleston, SC|ICBM:  32.78N, 79.93W  /


Re: Confused by doc/variables.txt

2004-05-07 Thread Craig Huckabee


Craig Huckabee wrote:

> attr_rewrite works but breaks EAP for me :(
>
> I've reattempted using the users file again, and double checked that
> files does indeed come before the ldap sections in the authorize
> section - still get a blank filter.
>
> A debug run shows that files is indeed getting processed, somehow
> 'Hint' is never getting set.  Could my regex be wrong ?
>
> DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
>     Fall-Through = yes

Just to follow up to myself, here is the behavior I'm seeing (using 
FreeRADIUS built from CVS yesterday to include Alan's fix - thanks!)

If I use this in the users file:

DEFAULT User-Name =~  ^([^/]+)/(.*), Foo := `%{2}`
...
then attempt to look at Foo using %{check:Foo} (in radiusd.conf), I get 
nothing - Foo is empty.

However, if I use this:

DEFAULT User-Name =~  ^([^/]+)/(.*)
   Foo = `%{2}`
...
then attempt to look at Foo using %{reply:Foo}, I get the expected value 
and the filter works.

(note Foo is defined in the dictionary as a custom attribute, wasn't 
100% sure if that was required - using Hint yielded the same results)

So, should 'check:variable' work for the first case ?  Is this a bug 
or (more likely) something I'm missing from my configuration. 

Thanks in advance and also thanks for the patience while I learn the ins 
and outs of the configuration.

--Craig



Re: Confused by doc/variables.txt

2004-05-07 Thread Alan DeKok
Craig Huckabee [EMAIL PROTECTED] wrote:
> However, if I use this:
>
> DEFAULT User-Name =~  ^([^/]+)/(.*)
>    Foo = `%{2}`
> ...
>
> then attempt to look at Foo using %{reply:Foo}, I get the expected value
> and the filter works.

  Try the original, but look for foo in %{Foo}, or %{request:Foo}

  Alan DeKok.



Re: Confused by doc/variables.txt

2004-05-06 Thread Craig Huckabee


Kostas Kalevras wrote:

> The other idea is to use attr_rewrite as already suggested. In any case, make
> sure that the files module comes before ldap in the authorize section for the
> above to work.

attr_rewrite works but breaks EAP for me :(

I've reattempted using the users file again, and double checked that
files does indeed come before the ldap sections in the authorize section
- still get a blank filter.

A debug run shows that files is indeed getting processed, somehow 'Hint'
is never getting set.  Could my regex be wrong ?

DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
    Fall-Through = yes

Thanks,
Craig


Re: Confused by doc/variables.txt

2004-05-05 Thread Kostas Kalevras
On Tue, 4 May 2004, Craig Huckabee wrote:


> Where can the regular expressions discussed in 'doc/variables.txt' be
> used ?  I'd like to modify the User-Name attribute as passed in for use
> as a filter for rlm_ldap.
>
> For example, during an EAP-TLS, I get an EAP packet like this:
>
> NAS-IP-Address = ...
> NAS-Port-Type = Async
> User-Name = host/g21476.fo.bar
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = ...
> State = ...
> EAP-Message = ...
> Message-Authenticator = ...
>
> I'd like to strip off the 'host/' from User-Name and use that as a
> filter in rlm_ldap for the authorize step, like:
>
> ldap {
>   ...
>   User-Name =~ ^([^/]+)/(.*)
>   filter = (cn=`%{2}`)
>   ...
> }
>
> That fails horribly (cn='') so I'm not sure where those types of regex
> statements can be used in radiusd.conf.

The above won't work. You can't just add the User-Name line in the rlm_ldap
configuration and expect it to work.

You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add
a Hint variable in the users file and use that as the filter:

--users--
DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`

--radiusd.conf--
ldap {
filter = (cn=%{check:Hint})
...
}


> Is that possible or am I completely misunderstanding variables.txt ?
> I'm running FreeRADIUS built from CVS as of 4/21/04.
>
> Thanks,
> Craig
>
> PS Forgive the wandering nature of this e-mail, 12+ hours at work...





--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Confused by doc/variables.txt

2004-05-05 Thread Craig Huckabee


Kostas Kalevras wrote:

> The above won't work. You can't just add the User-Name line in the rlm_ldap
> configuration and expect it to work.

I didn't expect it to just work, but I wanted to at least try something
before posting a question.  The documentation isn't as clear as your
answer so I was grasping at straws.

> You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add
> a Hint variable in the users file and use that as the filter:
>
> --users--
> DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
>
> --radiusd.conf--
> ldap {
> filter = (cn=%{check:Hint})
> ...
> }

I tried adding the expression to the users file as you suggest - that 
doesn't appear to work either.  I still end up with a cn='' filter.  Any 
other ideas are greatly appreciated.

Thanks,
Craig


Re: Confused by doc/variables.txt

2004-05-05 Thread Kostas Kalevras
On Wed, 5 May 2004, Craig Huckabee wrote:



> Kostas Kalevras wrote:
>
>> The above won't work. You can't just add the User-Name line in the rlm_ldap
>> configuration and expect it to work.
>
> I didn't expect it to just work, but I wanted to at least try something
> before posting a question.  The documentation isn't as clear as your
> answer so I was grasping at straws.
>
>> You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add
>> a Hint variable in the users file and use that as the filter:
>>
>> --users--
>> DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
>>
>> --radiusd.conf--
>> ldap {
>> filter = (cn=%{check:Hint})
>> ...
>> }
>
> I tried adding the expression to the users file as you suggest - that
> doesn't appear to work either.  I still end up with a cn='' filter.  Any
> other ideas are greatly appreciated.

The other idea is to use attr_rewrite as already suggested. In any case, make
sure that the files module comes before ldap in the authorize section for the
above to work.


> Thanks,
> Craig




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
