Re: Confused by doc/variables.txt
Alan DeKok wrote:
> Craig Huckabee [EMAIL PROTECTED] wrote:
>> However, if I use this:
>>
>> DEFAULT User-Name =~ ^([^/]+)/(.*)
>>     Foo = `%{2}`
>>
>> ... then attempt to look at Foo using %{reply:Foo}, I get the expected value and the filter works.
>
> Try the original, but look for foo in %{Foo}, or %{request:Foo}
>
> Alan DeKok.

Doesn't work - both %{Foo} and %{request:Foo} come back empty when setting Foo on the check line in users. :(

Anything else you can think of ?

--Craig

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Confused by doc/variables.txt
Craig Huckabee [EMAIL PROTECTED] wrote:
> Doesn't work - both %{Foo} and %{request:Foo} come back empty when setting Foo on the check line in users.

Hmm...

> Anything else you can think of ?

Try using another attribute. Or, follow the code execution in src/modules/rlm_files/rlm_files.c

Alan DeKok.
Re: Confused by doc/variables.txt
Alan DeKok wrote:
> Craig Huckabee [EMAIL PROTECTED] wrote:
>> Doesn't work - both %{Foo} and %{request:Foo} come back empty when setting Foo on the check line in users.
>
> Hmm...
>
>> Anything else you can think of ?
>
> Try using another attribute. Or, follow the code execution in src/modules/rlm_files/rlm_files.c
>
> Alan DeKok.

I may try the latter later on today. Thanks!

--Craig

--
/ Craig Huckabee        | e-mail: [EMAIL PROTECTED] /
/ Code 715-CH           | phone: (843) 218 5653 /
/ SPAWAR Systems Center | close proximity: Hey You! /
/ Charleston, SC        | ICBM: 32.78N, 79.93W /
Re: Confused by doc/variables.txt
Craig Huckabee wrote:
> attr_rewrite works but breaks EAP for me :(
>
> I've reattempted using the users file again, and double checked that files does indeed come before the ldap sections in the authorize section - still get a blank filter. A debug run shows that files is indeed getting processed, somehow 'Hint' is never getting set. Could my regex be wrong ?
>
> DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
>     Fall-Through = yes

Just to follow up to myself, here is the behavior I'm seeing (using FreeRADIUS built from CVS yesterday to include Alan's fix - thanks!)

If I use this in the users file:

DEFAULT User-Name =~ ^([^/]+)/(.*), Foo := `%{2}`

... then attempt to look at Foo using %{check:Foo} (in radiusd.conf), I get nothing - Foo is empty.

However, if I use this:

DEFAULT User-Name =~ ^([^/]+)/(.*)
    Foo = `%{2}`

... then attempt to look at Foo using %{reply:Foo}, I get the expected value and the filter works.

(note Foo is defined in the dictionary as a custom attribute, wasn't 100% sure if that was required - using Hint yielded the same results)

So, should 'check:variable' work for the first case ? Is this a bug or (more likely) something I'm missing from my configuration.

Thanks in advance and also thanks for the patience while I learn the ins and outs of the configuration.

--Craig
Re: Confused by doc/variables.txt
Craig Huckabee [EMAIL PROTECTED] wrote:
> However, if I use this:
>
> DEFAULT User-Name =~ ^([^/]+)/(.*)
>     Foo = `%{2}`
>
> ... then attempt to look at Foo using %{reply:Foo}, I get the expected value and the filter works.

Try the original, but look for foo in %{Foo}, or %{request:Foo}

Alan DeKok.
Re: Confused by doc/variables.txt
Kostas Kalevras wrote:
> The other idea is to use attr_rewrite as already suggested. In any case, make sure that the files module comes before ldap in the authorize section for the above to work.

attr_rewrite works but breaks EAP for me :(

I've reattempted using the users file again, and double checked that files does indeed come before the ldap sections in the authorize section - still get a blank filter. A debug run shows that files is indeed getting processed, somehow 'Hint' is never getting set. Could my regex be wrong ?

DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
    Fall-Through = yes

Thanks,
Craig
Re: Confused by doc/variables.txt
On Tue, 4 May 2004, Craig Huckabee wrote:
> Where can the regular expressions discussed in 'doc/variables.txt' be used ? I'd like to modify the User-Name attribute as passed in for use as a filter for rlm_ldap.
>
> For example, during an EAP-TLS, I get an EAP packet like this:
>
>     NAS-IP-Address = ...
>     NAS-Port-Type = Async
>     User-Name = host/g21476.fo.bar
>     Service-Type = Framed-User
>     Framed-MTU = 1500
>     Calling-Station-Id = ...
>     State = ...
>     EAP-Message = ...
>     Message-Authenticator = ...
>
> I'd like to strip off the 'host/' from User-Name and use that as a filter in rlm_ldap for the authorize step, like:
>
>     ldap {
>         ...
>         User-Name =~ ^([^/]+)/(.*)
>         filter = (cn=`%{2}`)
>         ...
>     }
>
> That fails horribly (cn='') so I'm not sure where those types of regex statements can be used in radiusd.conf.

The above won't work. You can't just add the User-Name line in the rlm_ldap configuration and expect it to work. You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add a Hint variable in the users file and use that as the filter:

--users--
DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`

--radiusd.conf--
ldap {
    filter = (cn=%{check:Hint})
    ...
}

> Is that possible or am I completely misunderstanding variables.txt ? I'm running FreeRADIUS built from CVS as of 4/21/04.
>
> Thanks,
> Craig
>
> PS Forgive the wandering nature of this e-mail, 12+ hours at work...

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
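
Added example (not from the thread and not FreeRADIUS code): the regex from the message above applied in Python to the User-Name quoted in the thread, building the (cn=...) filter from capture group 2. The function names, the RFC 4515 value escaping, and the choice to return None rather than an empty (cn=) filter are assumptions of this example.

```python
import re

# Pattern from the thread: group 1 is the prefix before the first '/',
# group 2 is everything after it.
USER_NAME_RE = re.compile(r"^([^/]+)/(.*)")

# RFC 4515 escapes for characters that are special inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def host_part(user_name):
    """Return capture group 2 (the text after the first '/'), or None.

    None covers both "no '/' in the name" and "nothing after the '/'",
    the two inputs that would otherwise produce an empty cn value.
    """
    m = USER_NAME_RE.match(user_name)
    if m is None or m.group(2) == "":
        return None
    return m.group(2)


def ldap_filter_for(user_name):
    """Build (cn=<group 2>), or return None instead of an empty (cn=) filter."""
    host = host_part(user_name)
    if host is None:
        return None
    return "(cn=" + escape_filter_value(host) + ")"


# Constructed sample User-Name values; the first is the one quoted in the thread.
SAMPLES = ["host/g21476.fo.bar", "g21476.fo.bar", "host/", "host/a*(b)"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name), "->", ldap_filter_for(name))
```
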
Re: Confused by doc/variables.txt
Kostas Kalevras wrote:
> The above won't work. You can't just add the User-Name line in the rlm_ldap configuration and expect it to work.

I didn't expect it to just work, but I wanted to at least try something before posting a question. The documentation isn't as clear as your answer so I was grasping at straws.

> You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add a Hint variable in the users file and use that as the filter:
>
> --users--
> DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
>
> --radiusd.conf--
> ldap {
>     filter = (cn=%{check:Hint})
>     ...
> }

I tried adding the expression to the users file as you suggest - that doesn't appear to work either. I still end up with a cn='' filter.

Any other ideas are greatly appreciated.

Thanks,
Craig
Re: Confused by doc/variables.txt
On Wed, 5 May 2004, Craig Huckabee wrote:
> Kostas Kalevras wrote:
>> The above won't work. You can't just add the User-Name line in the rlm_ldap configuration and expect it to work.
>
> I didn't expect it to just work, but I wanted to at least try something before posting a question. The documentation isn't as clear as your answer so I was grasping at straws.
>
>> You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add a Hint variable in the users file and use that as the filter:
>>
>> --users--
>> DEFAULT User-Name =~ ^([^/]+)/(.*), Hint := `%{2}`
>>
>> --radiusd.conf--
>> ldap {
>>     filter = (cn=%{check:Hint})
>>     ...
>> }
>
> I tried adding the expression to the users file as you suggest - that doesn't appear to work either. I still end up with a cn='' filter.
>
> Any other ideas are greatly appreciated.

The other idea is to use attr_rewrite as already suggested. In any case, make sure that the files module comes before ldap in the authorize section for the above to work.

> Thanks,
> Craig

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf