> >> Control instead of config ? > > Yes. "config" is already used for configuration-file stuff.
Both appear to work and do the same thing when updating things... Ok, It appears that either update request is broken, or something else weird is happening. if(("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) { if(("%{2}" == "") || ("%{2}" == "sussex.ac.uk")){ update request { Stripped-User-Name := "%{1}" Realm := "local" } } else{ update request { Stripped-User-Name := "%{0}" Realm = "%{2}" } } } That sorts out username formating, means you can use [EMAIL PROTECTED], and things will still work *sigh* (never underestimate the stupidity of yours users). It basically says if user has no realm or has specified sussex as their realm, update the request, set stripped-user-name to be their username and set Realm to be "local". else set their username as the entire User-Name string and set the request realm to be their specified Realm. Later in the config file theres: # PROXYING LOGIC # Eventually if we ever need to proxy to multiple locations we can do checks here, but for now assume all non local realms go through JRS if("%{request:Realm}" != "local"){ update control { Proxy-To-Realm := "jrs" } update request { Realm := "jrs" } } So if the realm is not local then proxy to realm jrs (this is why I was waiting for the switch statement :) ) ++? if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) expand: %{User-Name} -> ac221 ?? Evaluating ("%{User-Name}" =~ /([^-]+)-emergency-/) -> FALSE expand: %{User-Name} -> ac221 ?? Evaluating ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/) -> TRUE ++? if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) -> TRUE ++- entering if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) +++? if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) expand: %{2} -> ?? Evaluating ("%{2}" == "") -> TRUE ?? Skipping ("%{2}" == "sussex.ac.uk") +++? if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) -> TRUE +++- entering if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) expand: %{1} -> ac221 ++++[request] returns updated +++- if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) returns updated +++ ... skipping else for request 0: Preceding "if" was taken ++- if (("%{User-Name}" =~ /([^-]+)-emergency-/) || ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) returns updated ++? if ("%{request:Realm}" != "local") expand: %{request:Realm} -> ? Evaluating ("%{request:Realm}" != "local") -> TRUE ++? if ("%{request:Realm}" != "local") -> TRUE ++- entering if ("%{request:Realm}" != "local") +++[control] returns updated See brokeness: ?? Evaluating ("%{2}" == "") -> TRUE ?? Skipping ("%{2}" == "sussex.ac.uk") +++? if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) -> TRUE +++- entering if (("%{2}" == "") || ("%{2}" == "sussex.ac.uk")) expand: %{1} -> ac221 ++++[request] returns updated Stripped-User-Name set to ac221 and i'm guessing Realm set to local... but then: ++? if ("%{request:Realm}" != "local") expand: %{request:Realm} -> No local ?! -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html