Hello Charles -
Mea culpa!
That's what I get for dashing off a reply without actually testing it.
*sigh*
What you want is a "negative character class", not a "negative lookahead
assertion" (it was me that was negatively looking ahead....).
This one I have tested:
<Handler User-Name = /[^A-Za-z0-9-@.]/>
It will match on any character that is not one of "A-Z", "a-z", "0-9", "-",
"@", and ".". I also forgot the "." last time, which is a bit silly if you are
accepting "@" don't you think?
(sheepish) regards
Hugh
On Fri, 04 Aug 2000, Charles Sprickman wrote:
> Hi,
>
> Per a previous question, I put the following handler as the first handler
> in my radius.cfg:
>
> # This handler catches garbage logins
> <Handler Username = /^(?!A-Za-z0-9-@)/>
> SessionDatabase = SDB_internal
> AuthBy Reject_User
> </Handler>
>
> I'm not too good at complex regular expressions, but this one came from
> Hugh, and it's supposed to match any username that does not have the
> characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the
> problem of passing authentication any further when we get a garbled
> username. The seperate session db is to keep the clutter out of our main
> session db.
>
> When I actually gave it a try, I found that it was matching everything:
>
> (from a trace level 4)
> Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign
> Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username =
> /^(?!A-Za-z0-9-@)/ should be used to handle this request
> Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username =
> /^(?!A-Za-z0-9-@)/'
> Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for
> rrdesign, 216.223.195.9, 1284
> Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE
> Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> rrdesign
> Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE
> REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject
> Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected
> explicitly by Auth-Type=Reject
>
> Any ideas?
>
> Thanks,
>
> Charles
>
> | Charles Sprickman | Internet Channel
> | INCH System Administration Team | (212)243-5200
> | [EMAIL PROTECTED] | [EMAIL PROTECTED]
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
