At Mon, 3 Nov 2003 13:39:20 +0200 (EET), Kostas Kalevras wrote: > > On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote: > > > > > Hello to everyone. > > This is my first post to the list. I want to have a user that is > > allowed to have ISDN or PSTN access and another that should have PSTN > > access only. I am using the attribute NAS-Port-Type in the check list > > to accomplish this. In the first user I want the NAS-Port-Type to have > > values Async or ISDN and in the second I want to have Async only. I am > > also using the sql module so my users' authorization data are stored > > in an Oracle database. Freeradius version 0.9.2 (latest for now). > > My radcheck table looks like > > > > +--+--------------+------------------+-----+----------- > > id username attribute op value > > +--+--------------+------------------+-----+----------- > > 1 kzorba User-Password == xxxx > > 2 kzorba NAS-Port-Type == Async > > 3 kzorba NAS-Port-Type == ISDN > > 4 mitg User-Password == yyyy > > 5 mitg NAS-Port-Type == Async > > +--+--------------+------------------+-----+----------- > > > > I am using the NTradping test utility (as descibed in the O'Reilly > > book) but the results are the same when I use a Cisco 3640 > > router. When I > > am sending one of the 2 allowed values in an > > Access-Request for kzorba I always get reject. I tried to put as a > > value for NAS-Port-Type "Async-ISDN" in one record instead of 2 and I > > always got accept no matter what I sent (even a value besides ISDN or > > Async). I only managed to get accept when I have one record with a > > specific value (in this case everything works as expected). So the > > question is: > > How can I express the fact that I want to accept the user when the > > attribute has value a OR b? By generalizing can I have boolean > > expressions in check items? > > Thank you in advance > > I think that the AND relation of the check items is rather strongly established > in the check functions of freeradius. The way i see it you have two choises: > 1. Use a regular expression > 2. Use the checkval module (check raddb/experimental.conf) > Thanks for the reply. I believe that the regular expressions can be used for string type attributes only. Unfortunately NAS-Port-Type is ENUM. I tried it using 'Async|ISDN' as value and it always returned accept. By the way what kind of syntax can I use for regexps? Perl like? Also is there any further documentation on the checkval apart from experimental.conf? I imagine that I need to enable experimental module support in the configure (./configure --with-experimental-modules) and then include experimental.conf in radius.conf?
> > > > Kostas > > > > > > ====================================================== > > Kostas Zorbadelos > > Currently at: Otenet IT Department > > mailto: [EMAIL PROTECTED] > > > > Out there in the darkness, out there in the night > > out there in the starlight, one soul burns brighter > > than a thousand suns. > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ====================================================== Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
