hello,
If anyone is interested I have made some progress, but now have another issue...
I am now able to append '@ISPNAME' to each incoming packet using the following two
attr_rewrite module instances called in the authorize secion of radiusd.
attr_rewrite isISPNAMEUser {
attribute = Called-Station-Id
# may be "packet", "reply", or "config"
searchin = packet
searchfor = "(%{config:ISPNAMENums})"
replacewith = "@ISPNAME"
ignore_case = no
new_attribute = no
max_matches = 1
## If set to yes then the replace string will be appended to the
original string
append = no
}
attr_rewrite rewriteUsername {
attribute = User-Name
# may be "packet", "reply", or "config"
searchin = packet
searchfor = "[EMAIL PROTECTED]"
replacewith = %{User-Name}%{Called-Station-Id}
ignore_case = no
new_attribute = no
max_matches = 1
## If set to yes then the replace string will be appended to the
original string
append = no
}
The problem I now have is that the number of possible Called-Station-Id numbers is
huge - about 120 for each ISP. Config:ISPNAMENums is a long regex OR list of those
numbers, e.g..
ISPNAMENums = "2341234|234234243|23412351|2431232143|23536345|2342141234|25332643245|
etc...
... and this long string unfortunately breaks the attr_rewrite comparison code, which
appears to be limited to
#define MAX_STRING_LEN 254 (from libradius.h)
Also, I'm wondering how this is going to scale as it's going to require quite a bit of
processing to do the regex OR comparison for each and every incoming packet.
If anyone has any experience with this, or any input it will be *much* apreciated.
Cheers,
Spencer
On 24 Mar 2004 05:18:03PM, Spencer Stapleton wrote:
> hello,
>
> I wonder if anyone can offer any help or advice....
>
> I need to merge 3 separate Radius systems (post-acquisition fun), and wish to
> ideally achieve this without the use of huntgroups/realms and separate radiusd
> instances.
>
> We have 3 separate dialup access numbers - one for each ISP. We are therefore able
> to determine which ISP the customer has called via the Called-Station-Id attribute
> received from the Terminal server. For non-technical reasons the telco will map all
> three numbers to the same physical circuits - so the use of freeradius' huntgroups
> will not be possible.
>
> I want to be able to rewrite the username and/or additional attributes on any
> incoming packet, so that we can:
>
> 1 receive incoming packet
> 2 'preprocess' packet:
> * Check Call-Station-Id.
> * Mangle User-Name attribute, and/or insert additional attributes according to
> Call-Station-Id
> 3 continue processing mangled packet
>
> I've investigated the use of attr_rewrite module, but I'm not sure if I understand
> it's use correctly...
>
> (radiusd.conf)
>
> # Also if new_attribute is set to yes then a new attribute
> # will be created containing the value replace with and it
> # will be added to searchin (packet, reply or config).
>
> ...so how do I choose the name of the 'new_attribute' that will be created? Surely,
> if I'm able to set it's value, I must be able to assign it's name....? Is there any
> way this module can be used to 'test one attribute - to mangle another'? or perhaps
> there's another way to achieve this...? The docs for default modules seem to be
> pretty light...
>
> Any help much apreciated,
>
> Spencer
>
> --
> Systems engineer
> Compass Communications
> http://www.compass.net.nz
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
Systems engineer
Compass Communications
http://www.compass.net.nz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
