[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] problems getting rewrite hook right
From: |
Charles Sprickman |
Subject: |
Re: [Help-gnu-radius] problems getting rewrite hook right |
Date: |
Wed, 1 Nov 2006 18:25:15 -0500 (EST) |
On Tue, 31 Oct 2006, Sergey Poznyakoff wrote:
Charles Sprickman <address@hidden> wrote:
We also have domain accounts where the user's actual username is
"address@hidden". We instruct those users to use
"address@hidden" when dialing in.
As a side note: they could have safely used another '@', as the proxying
protocol allows for stacking the user domains
(e.g. address@hidden@bway.net).
The "@bway.net" is stripped by our dial provider and we see the user as
"username%domain.com".
From what I see in your previous posting, they seem to fail to do so:
Oct 25 15:53:10 elephant radiusd: Auth.debug:
mysql.c:216:rad_mysql_exec: query:
SELECT attr,value FROM radius_attrib WHERE username='address@hidden' AND
op IS NULL AND domain='address@hidden'
The test user logs in using "address@hidden"... I'm so lost
with this since I haven't touched it for years (literally).
So, your server received the name as "address@hidden" anyway.
Does that pretty much make sense? It's kind of a strange setup...
If I get it right, the domain_split function should return the part
between '%' and '@', if there is a percent sign, the part after '@',
if there's none, and "bway.net" otherwise. Does that make sense? If
so, the following function will do it:
And that seems to be very close to doing what I want... :)
string
domain_split(string name)
{
integer a;
string localpart;
string domainpart;
domainpart = "bway.net"; /* provide the default value */
if (name =~ "\(.*\)@\(.*\)") {
localpart = \1;
domainpart = \2;
} else {
localpart = name;
}
if (localpart =~ "\(.*\)%\(.*\)")
domainpart = \2;
return domainpart;
}
This gets me what I want in the domain part of the query, but the username
still comes up as "foo%foo.com".
I thought the following might fix it up.
I made another rewrite rule named "login_pct" that will return everything
to the left of the "%" in a username:
string
login_pct(string name)
{
integer i;
if ((i = index(name, '\%')) != -1)
return substr(name, 0, i);
return name;
}
But I'm not sure how to get it going. I tried the following in the hints
file:
DEFAULT NULL User-Name = "=login_pct(%[User-Name])"
DEFAULT NULL Auth-Dom = "=domain_split(%[User-Name])"
But that seems to screw everything up...
Nov 1 18:23:20 elephant radiusd: Auth.debug: mysql.c:57:do_mysql_query:
called with SELECT attr,value FROM radius_attrib WHERE
username='test%maniform.com' AND op IS NULL AND domain=''
BTW, that test shell is pretty neat, I had no idea that even existed!
Thanks,
Charles
Here's its output in the test run:
** TEST SHELL **
(radiusd) source /home/gray/1.rw
0
(radiusd) r domain_split("username%domain.com")
domain.com
(radiusd) r domain_split("address@hidden")
domain.com
(radiusd) r domain_split("address@hidden")
domain.com
(radiusd) r domain_split("username")
bway.net
(radiusd)
I'd like to get it setup with FreeBSD 4.11 and 6.2, would that be helpful?
Sure, that would be great.
Regards,
Sergey
- Re: [Help-gnu-radius] problems getting rewrite hook right,
Charles Sprickman <=