help-gnu-radius

Re: [Help-gnu-radius] problems getting rewrite hook right


From: Charles Sprickman
Subject: Re: [Help-gnu-radius] problems getting rewrite hook right
Date: Wed, 1 Nov 2006 18:25:15 -0500 (EST)

On Tue, 31 Oct 2006, Sergey Poznyakoff wrote:

Charles Sprickman <address@hidden> wrote:

We also have domain accounts where the user's actual username is
"address@hidden".  We instruct those users to use
"address@hidden" when dialing in.

As a side note: they could have safely used another '@', as the proxying
protocol allows for stacking the user domains
(e.g. address@hidden@bway.net).

The "@bway.net" is stripped by our dial provider and we see the user as
"username%domain.com".

From what I see in your previous posting, they seem to fail to do so:

Oct 25 15:53:10 elephant radiusd: Auth.debug:
mysql.c:216:rad_mysql_exec: query:
SELECT attr,value FROM radius_attrib WHERE username='address@hidden' AND
op IS NULL AND domain='address@hidden'

The test user logs in using "address@hidden"...  I'm so lost
with this since I haven't touched it for years (literally).

So, your server received the name as "address@hidden" anyway.

Does that pretty much make sense?  It's kind of a strange setup...

If I get it right, the domain_split function should return the part
between '%' and '@', if there is a percent sign, the part after '@',
if there's none, and "bway.net" otherwise. Does that make sense? If
so, the following function will do it:

And that seems to be very close to doing what I want... :)

string
domain_split(string name)
{
        integer a;
        string localpart;
        string domainpart;

        domainpart = "bway.net"; /* provide the default value */
        if (name =~ "\(.*\)@\(.*\)") {
                localpart = \1;
                domainpart = \2;
        } else {
                localpart = name;
        }

        if (localpart =~ "\(.*\)%\(.*\)")
                domainpart = \2;

        return domainpart;
}

This gets me what I want in the domain part of the query, but the username still comes up as "foo%foo.com".

I thought the following might fix it up.

I made another rewrite rule named "login_pct" that will return everything to the left of the "%" in a username:

string
login_pct(string name)
{
    integer i;

    if ((i = index(name, '\%')) != -1)
        return substr(name, 0, i);
    return name;
}

But I'm not sure how to get it going. I tried the following in the hints file:

DEFAULT NULL    User-Name = "=login_pct(%[User-Name])"
DEFAULT NULL    Auth-Dom = "=domain_split(%[User-Name])"

But that seems to screw everything up...

Nov 1 18:23:20 elephant radiusd: Auth.debug: mysql.c:57:do_mysql_query: called with SELECT attr,value FROM radius_attrib WHERE
username='test%maniform.com' AND op IS NULL AND domain=''

BTW, that test shell is pretty neat, I had no idea that even existed!

Thanks,

Charles

Here's its output in the test run:

** TEST SHELL **
(radiusd) source /home/gray/1.rw
0
(radiusd) r domain_split("username%domain.com")
domain.com
(radiusd) r domain_split("address@hidden")
domain.com
(radiusd) r domain_split("address@hidden")
domain.com
(radiusd) r domain_split("username")
bway.net
(radiusd)

I'd like to get it set up with FreeBSD 4.11 and 6.2, would that be helpful?

Sure, that would be great.


Regards,
Sergey
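
The split discussed in this thread, as an added example that is not part of the original messages and is written in Python rather than the GNU Radius rewrite language. The names split_login and domain_after_rewrite are hypothetical, the sample inputs are constructed, and it assumes the login is wanted without its realm and that empty parts should be rejected; how radiusd evaluates the hints lines is not modelled.

```python
DEFAULT_DOMAIN = "bway.net"  # default value used by domain_split in the thread


def split_login(name, default=DEFAULT_DOMAIN):
    """Return (login, domain) computed from the ORIGINAL name in one pass.

    Mirrors domain_split's precedence: a '%domain' inside the local part
    wins over the '@realm'; with neither, the default domain is used.
    """
    local, at, realm = name.rpartition("@")   # split on the last '@'
    if not at:                                # no '@' at all
        local, realm = name, default
    login, pct, inner = local.rpartition("%")  # split on the last '%'
    if pct:
        realm = inner
    else:
        login = local
    # Assumption added here: refuse empty parts instead of querying with ''.
    if not login or not realm:
        raise ValueError("empty login or domain in %r" % name)
    return login, realm


def domain_after_rewrite(name):
    """Domain obtained when the name is stripped first and split afterwards."""
    stripped_login, _ = split_login(name)
    return split_login(stripped_login)[1]


# Constructed sample names, not taken from the thread's logs.
SAMPLES = [
    "username%domain.com",
    "username%domain.com@bway.net",
    "username@domain.com",
    "username",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", split_login(sample))
    # Once the '%domain' part is stripped, only the default can be recovered.
    print(domain_after_rewrite("username%domain.com"))
```

Deriving both values from the unmodified name keeps the '%domain' part available for the domain column; a split applied to the already-stripped login can only fall back to the default.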





