RE: very long regular expression...[unclas]

> -----Original Message-----
> From:
> freeradius-users-bounces+frank.ranner=defence.gov.au@lists.fre
eradius.org [mailto:freeradius-users->
bounces+frank.ranner=defence.gov.au@lists.freeradi us.org] On
> Behalf Of Norbert Grochal
> Sent: Saturday, 25 November 2006 00:13
> To: FreeRadius users mailing list
> Subject: Re: very long regular expression...
>
> > Do something like:
> >
> > modules {
> > passwd mac2ok {
> > filename = /etc/raddb/mac2ok
> > format = "*Calling-Station-Id:~My-Local-String"
> > hashsize = 100
> > }
> >
> > # other modules
> > }
> >
> > authorize {
> > preprocess
> > mac2ok
> > files
> > # other modules
> > }
> >
> > Make "/etc/raddb/mac2ok" read:
> >
> > 008012323244:ok
> > 002938475473:ok
> >
> > ...then in "users" put:
> >
> > DEFAULT My-Local-String != "ok", Auth-Type := Reject
> Reply-Message =
> > "calling station id not allowed", Fall-Through = No
> >
> > # Other config items
> >
> > Depending on the version of the server, you might need the
> following
> > in
> > /etc/raddb/dictionary:
> >
> > ATTRIBUTE My-Local-String 3000 string
>
> OK, It almost works fine, but if there is no mac in my mac2ok
> file then users file doesn't put REJECT into Auth-Type.
> I have added that line at the begining of users file:
>
> DEFAULT Auth-Type := REJECT, My-Local-String !* "a"
>

Try:

DEFAULT My-Local-String !* "a", Auth-Type := REJECT
Reply-Message = "No calling station id provided"

If the first part is false, the second part does not get tested,
which means Auth-Type doesn't get set. When tests have side effects
(like assignment) testing order matters.

Also, why not test positive instead of negative:

DEFAULT My-Local-String == "ok", Auth-Type := ACCEPT
Reply-Message = "%u logged on",
Other-Attribute = "somevalue"

# other reasons for allowing access
DEFAULT foo == "bar"
...

# reject all others
DEFAULT Auth-Type := REJECT
Reply-Message = "Access denied"

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html