Hello Stephan -

Without seeing the whole configuration file and understanding your complete 
problem it is difficult to make suggestions.

It would probably be reasonable for us to do a review of the overall system.

And I think I agree with you - it must be possible to simplify things quite a 
bit.

regards

Hugh


> On 2 Nov 2017, at 02:35, s.schw...@lumc.nl wrote:
> 
> Hi,
>  
> I’m trying to accomplish the following to simplify the config file.
>  
> Instead of having a whole lot of handlers that look something like.. (for 
> example, we use the hostnames to spread the systems across different vlans)
>  
> <Handler Connect-Info="From_QManage",MS-CHAP2-Response=/.+/,User-Name=/^host\/0-/>
>   <AuthBy LSA>
>         EAPType MSCHAP-V2
>         DefaultDomain domainname
>         UsernameMatchesWithoutRealm
>         Group Domain Computers
>         AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:270
>   </AuthBy>
> </Handler>
> <Handler Connect-Info="From_QManage",MS-CHAP2-Response=/.+/,User-Name=/^host\/1-/>
>   <AuthBy LSA>
>         EAPType MSCHAP-V2
>         DefaultDomain domainname
>         UsernameMatchesWithoutRealm
>         Group Domain Computers
>         AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:271
>   </AuthBy>
> </Handler>
> <Handler Connect-Info="From_QManage",MS-CHAP2-Response=/.+/,User-Name=/(host\/).+(0\.)/>
>   <AuthBy LSA>
>         EAPType MSCHAP-V2
>         DefaultDomain domainname
>         UsernameMatchesWithoutRealm
>         Group Domain Computers
>         AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:270
>   </AuthBy>
> </Handler>
> <Handler TunnelledByPEAP=1,User-Name=/^host\/0-/>
> Authbylsa….
> <Handler TunnelledByPEAP=1,User-Name=/^host\/1-/>
> Authbylsa….
> <Handler TunnelledByPEAP=1,User-Name=/(host\/).+(0\.)/>
> Authbylsa….
>  
>  
> I have about 30 of these handlers that clog up a lot of the config file
>  
> Is it possible to do something like: <Handler 
> (Connect-Info="From_QManage",MS-CHAP2-Response=/.+/ | TunnelledByPEAP=1 
> ),User-Name=/^host\/0-/>  ?
>  
> I hope I don’t have to keep using this old config logic that was created by 
> my predecessor, because the config file is so long that it’s so hard to read 
> (especially since everything looks almost the same with just 1 or 2 numbers 
> difference per section)
> If it’s not possible to do an “OR” comparison in the handler attributes list, 
> is there any other way I could make an easier to understand configuration 
> file where I have to send a VLAN ID as reply based on the computername.
>  
>  
>  
> Kind regards,
> Stephan 
>  
>  
> _______________________________________________
> radiator mailing list
> radiator@lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
