On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote:
> At Mon, 3 Nov 2003 13:39:20 +0200 (EET),
> Kostas Kalevras wrote:
> >
> > On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote:
> >
> > >
> > > Hello to everyone.
> > > This is my first post to the list. I want to have a user that is
> > > allowed to have ISDN or PSTN access and another that should have PSTN
> > > access only. I am using the attribute NAS-Port-Type in the check list
> > > to accomplish this. In the first user I want the NAS-Port-Type to have
> > > values Async or ISDN and in the second I want to have Async only. I am
> > > also using the sql module so my users' authorization data are stored
> > > in an Oracle database. Freeradius version 0.9.2 (latest for now).
> > > My radcheck table looks like
> > >
> > > +----+----------+---------------+----+-------+
> > > | id | username | attribute     | op | value |
> > > +----+----------+---------------+----+-------+
> > > | 1  | kzorba   | User-Password | == | xxxx  |
> > > | 2  | kzorba   | NAS-Port-Type | == | Async |
> > > | 3  | kzorba   | NAS-Port-Type | == | ISDN  |
> > > | 4  | mitg     | User-Password | == | yyyy  |
> > > | 5  | mitg     | NAS-Port-Type | == | Async |
> > > +----+----------+---------------+----+-------+
> > >
> > > I am using the NTradping test utility (as described in the O'Reilly
> > > book) but the results are the same when I use a Cisco 3640
> > > router. When I am sending one of the 2 allowed values in an
> > > Access-Request for kzorba I always get reject. I tried to put as a
> > > value for NAS-Port-Type "Async-ISDN" in one record instead of 2 and I
> > > always got accept no matter what I sent (even a value besides ISDN or
> > > Async). I only managed to get accept when I have one record with a
> > > specific value (in this case everything works as expected). So the
> > > question is:
> > > How can I express the fact that I want to accept the user when the
> > > attribute has value a OR b? By generalizing can I have boolean
> > > expressions in check items?
> > > Thank you in advance
> >
> > I think that the AND relation of the check items is rather strongly established
> > in the check functions of freeradius. The way I see it you have two choices:
> > 1. Use a regular expression
> > 2. Use the checkval module (check raddb/experimental.conf)
> >
> Thanks for the reply. I believe that the regular expressions can be
> used for string type attributes only. Unfortunately NAS-Port-Type is
> ENUM. I tried it using 'Async|ISDN' as value and it always returned
> accept. By the way what kind of syntax can I use for regexps? Perl
> like?
Not Perl, POSIX. But I do think that Async|ISDN should work. For regular
expressions we always use the string representation of the attribute (that way
regexes can also work for ipaddr, enum and other attribute types). Try something
like:

DEFAULT NAS-Port-Type =~ "Async|ISDN"
        Reply-Message = "Yes it works"

in your users file to make sure that it works that way.
> Also is there any further documentation on the checkval apart
> from experimental.conf?
No, and I don't think there's any need for it. It is a rather simple module
actually.
> I imagine that I need to enable experimental module support in the
> configure (./configure --with-experimental-modules) and then include
> experimental.conf in radius.conf?
Yes for the configure part. You won't need to include the whole
experimental.conf file though, only the checkval section.
>
> > >
> > > Kostas
> > >
> > >
> > > ======================================================
> > > Kostas Zorbadelos
> > > Currently at: Otenet IT Department
> > > mailto: [EMAIL PROTECTED]
> > >
> > > Out there in the darkness, out there in the night
> > > out there in the starlight, one soul burns brighter
> > > than a thousand suns.
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
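
Added example (not part of the original messages and not FreeRADIUS code): a simplified Python model of the check-item evaluation discussed in this thread, showing why two "==" rows for the same attribute reject everything, and why a regex matched against the attribute's string form should be anchored. Python's re module stands in for POSIX regexes here, and the extra value names ISDN-V120 and Virtual are assumed from the stock FreeRADIUS dictionary.

```python
import re

# Constructed check-item sets mirroring the radcheck rows in the thread.
# Simplified model for illustration only; not the server's own logic.
CHECK_TWO_ROWS = [("NAS-Port-Type", "==", "Async"),
                  ("NAS-Port-Type", "==", "ISDN")]
CHECK_LOOSE_RE = [("NAS-Port-Type", "=~", "Async|ISDN")]
CHECK_ANCHORED = [("NAS-Port-Type", "=~", "^(Async|ISDN)$")]

# Constructed sample of values a NAS might send (string form of the enum).
PORT_TYPES = ["Async", "ISDN", "ISDN-V120", "Virtual"]


def item_matches(op, expected, actual):
    """Evaluate one check item against the request attribute's string form."""
    if op == "==":
        return actual == expected
    if op == "=~":
        # Unanchored search: the pattern may match anywhere in the string.
        return re.search(expected, actual) is not None
    raise ValueError("unsupported operator: %s" % op)


def authorize(check_items, request):
    """Every check item must match (logical AND), as described in the thread."""
    return all(
        attr in request and item_matches(op, value, request[attr])
        for attr, op, value in check_items
    )


def decisions(check_items, port_types=PORT_TYPES):
    """Map each NAS-Port-Type value to the accept/reject outcome."""
    return {pt: authorize(check_items, {"NAS-Port-Type": pt})
            for pt in port_types}


if __name__ == "__main__":
    for name, items in [("two == rows", CHECK_TWO_ROWS),
                        ("loose regex", CHECK_LOOSE_RE),
                        ("anchored regex", CHECK_ANCHORED)]:
        print(name, decisions(items))
```

In this model the loose pattern also accepts ISDN-V120, because "ISDN" occurs inside that string; the anchored pattern accepts only the two intended values.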