Home > Back-end >  FreeRadius Configuration (radiusd.conf) - Regex-Problem unlang
FreeRadius Configuration (radiusd.conf) - Regex-Problem unlang

Time:04-06

I am currently facing a problem within my Radius configuration and wanted to ask you for help.

I'am using the FreeRadius-Version 3.0.23

Within the authorize section in radiusd.conf I am trying to create the following unlang expression.

I have users in the following format:

super1
super2
...
user1
user2

NAS-Identifier:

SUP-A
SUP-B
SUP-C
SUP-D

I want to extract something from the NAS identifier using a regex and append to the user.

=> super1-A
=> super2-D

However, it doesn't work with the following expression because the extracted value is no longer available in the second IF statement.

if ( NAS-Identifier =~ /^SUP\\-([ABCD])/ ) {

=> The extracted value is only available at this point
=> Or is it possible to define a local variable with the value?

    if ( "%{User-Name}" !~ /^super\\d / )
            update request {                                                                                                         
                User-Name := "%{User-Name}-%{1}"   (However, I need the value here)                                                                                                                                                                                     
            }                                                                                                                        
        }
    }

This is my workaround:

if ( "%{User-Name}" !~ /^super\\d / && NAS-Identifier =~ /^SUP\\-([ABCD])/ ) {
            update request {                                                                                                         
                User-Name := "%{User-Name}-%{1}"                                                                                                                                                                                        
            }                                                                                                                        
        }

I would really appreciate your help as I couldn't find anything in the FreeRadius documentation.

Thanks in advance.

CodePudding user response:

According to the FreeRadius documentation:

Every time a regular expression is evaluated, whether it matches or not, the capture group values will be cleared.

So, in your case, you can reverse the order of conditions:

if ( "%{User-Name}" !~ /^super\\d / ) {
  if ( NAS-Identifier =~ /^SUP-([ABCD])/ ) {
    update request {                                                                                                         
      User-Name := "%{User-Name}-%{1}" 
    }                                                                                                                        
  }
}

Note that the - char is not any special regex metacharacter when used outside character classes, no need to escape it here.

  • Related