On 12 May 2009, at 20:28, Doug Hardie wrote:
On 12 May 2009, at 13:29, Doug Hardie wrote:
V 2.1.5. I am having a problem with PAP not using the proper user
id. IF the user id is just a plain
<user_id> then it works properly. However, I have some realms
setup that have prefixes and suffixes e.g., DUB+<user_id>@lafn.
PAP is trying to find the user_id DUB+<user_id>@lafn rather than
the stripped user id <user_id> and hence it doesn't find a password
for the user. Everything works just fine if I add Auth-Type :=
Accept to the users file, but thats not a great way to run a
railroad. Obviously I missed something.
hints has:
DEFAULT Prefix == "DUB+", Suffix == "@lafn", Strip-User-Name = Yes
Hint = "SlipStream"
What have I missed?
I seem to have reached a dead end with this. Version 1.x would
strip both the prefix and the suffix in Stripped-User-Name and then
use that to find the password. Version 2.x will strip one or the
other, but not both. From what I can see in presufcmp there appears
to be no easy way to get it to strip both. I have tried a number of
kludges in hints to try and get that done. None seem to work. I am
having to run a production server with Auth-Type := Accept to keep
things up and running, but this is not really acceptable.
One kludge that appears might work is in paircmp.c at line 142 add:
for (len=0; len<strlen(rest); len++)
if (rest[len] == '\@') rest[len] = '\0';
I believe that would work since when both a prefix and suffix are
present the prefix is removed and the suffix remains. All my
suffixes have a @.
The above method works for striped-user-name but authentication still
has DUB+<user_id>. There is a most interesting worked example in the
wiki that I adapted:
DEFAULT User-Name =~ "DUB+([...@]+)@*"
User-Name := "%{1}",
Hint = "SlipStream"
This almost works. The authentication is done using +<user_id> so
the basic problem has a solution but the regex needs some help. I
don't need to retain the suffix or prefix but there are several
different prefixes so I need to check for each separately. I don't
have a lot of experience with regex so it should be simple, but
haven't found it yet.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
