[RADIATOR] Handler filtering "OR" instead of "AND"?
Hugh Irvine
hugh at open.com.au
Wed Nov 1 23:25:00 UTC 2017
Hello Stephan -
Without seeing the whole configuration file and understanding your complete problem it is difficult to make suggestions.
It would probably be reasonable for us to do a review of the overall system.
And I think I agree with you - it must be possible to simplify things quite a bit.
regards
Hugh
> On 2 Nov 2017, at 02:35, S.Schwarz at lumc.nl wrote:
>
> Hi,
>
> I’m trying to accomplish the following to simplify the config file.
>
> Instead of having a whole lot of handlers that look something like.. (for example, we use the hostnames to spread the systems across different vlans)
>
> <Handler Connect-Info="From_QManage",MS-CHAP2-Response=/.+/,User-Name=/^host\/0-/>
> <AuthBy LSA>
> EAPType MSCHAP-V2
> DefaultDomain domainname
> UsernameMatchesWithoutRealm
> Group Domain Computers
> AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:270
> </AuthBy>
> </Handler>
> <Handler Connect-Info="From_QManage",MS-CHAP2-Response=/.+/,User-Name=/^host\/1-/>
> <AuthBy LSA>
> EAPType MSCHAP-V2
> DefaultDomain domainname
> UsernameMatchesWithoutRealm
> Group Domain Computers
> AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:271
> </AuthBy>
> </Handler>
> <Handler Connect-Info="From_QManage",MS-CHAP2-Response=/.+/,User-Name=/(host\/).+(0\.)/>
> <AuthBy LSA>
> EAPType MSCHAP-V2
> DefaultDomain domainname
> UsernameMatchesWithoutRealm
> Group Domain Computers
> AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:270
> </AuthBy>
> </Handler>
> <Handler TunnelledByPEAP=1,User-Name=/^host\/0-/>
> Authbylsa….
> <Handler TunnelledByPEAP=1,User-Name=/^host\/1-/>
> Authbylsa….
> <Handler TunnelledByPEAP=1,User-Name=/(host\/).+(0\.)/>
> Authbylsa….
>
>
> I have about 30 of these handlers that clog up a lot of the config file
>
> Is it possible to do something like: <Handler (Connect-Info="From_QManage",MS-CHAP2-Response=/.+/ | TunnelledByPEAP=1 ),User-Name=/^host\/0-/> ?
>
> I hope I don’t have to keep using this old config logic that was created by my predecessor, because the config file is so long that it’s so hard to read (especially since everything looks almost the same with just 1 or 2 numbers difference per section).
> If it’s not possible to do an “OR” comparison in the handler attributes list, is there any other way I could make an easier to understand configuration file where I have to send a VLAN ID as reply based on the computername.
>
>
>
> Kind regards,
> Stephan
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.