Regex remove realm from username

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

Regex remove realm from username

Eric Martell
Hi..
  I searched thru the forums but not getting the right username after using regex.
The request I am getting is : [hidden email] and I need to strip everything after @ and pass the username as test.

I am using ldap for auth. This is the config I have in ldap.


                if (User-Name =~ /^([^@]+)(@.*)$/) {   // just want to dblchck is the right regex
                      update request {
                              Stripped-User-Name := "%{0}"
                      }
                }


                filter = "(uid=%{Stripped-User-Name})"
                //filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                //filter = "(uid=%{Stripped-User-Name})"
                encryption_scheme = crypt

I get the following while ldap lookup   expand: (uid=%{Stripped-User-Name}) -> (uid=)


Here is the radius -X log ;
rad_recv: Access-Request packet from host 216.2.193.1 port 55751, id=107, length=65
        User-Name = "[hidden email]"
        User-Password = "test123"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: Looking up realm "google.com" for User-Name = "[hidden email]"
    rlm_realm: No such realm "google.com"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++- entering group
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [hidden email]
        expand: (uid=%{Stripped-User-Name}) -> (uid=)
        expand: dc=xyz,dc=net,o=internet -> dc=xyz,dc=net,o=internet
rlm_ldap: ldap_get_conn: Checking Id: 0



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Regex remove realm from username

Alex French-2
2008/10/10 Eric Martell <[hidden email]>:
> Hi..
>   I searched thru the forums but not getting the right username after using
> regex.
> The request I am getting is : [hidden email] and I need to strip everything
> after @ and pass the username as test.

Is there some reason you don't just create a local realm in proxy.conf
and use the 'strip' keyword?

realm google.com {
        type    =       radius
                authhost        = LOCAL
                accthost        = LOCAL
                strip
}


Thanks,

Alex
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Regex remove realm from username

Arran Cudbard-Bell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex French wrote:

> 2008/10/10 Eric Martell <[hidden email]>:
>> Hi..
>>   I searched thru the forums but not getting the right username after using
>> regex.
>> The request I am getting is : [hidden email] and I need to strip everything
>> after @ and pass the username as test.
>
> Is there some reason you don't just create a local realm in proxy.conf
> and use the 'strip' keyword?
>
> realm google.com {
>         type    =       radius
> authhost        = LOCAL
> accthost        = LOCAL
> strip
> }
>
>
> Thanks,
>


We use:

if("%{User-Name}"){
        if("%{User-Name}" =~ /^([^@]*)(@([-[:alnum:].]+))?$/){
                update request {
                        Stripped-User-Name := "%{1}"
                }
                # User Names not containing a domain default to
                # <default>
                update request {
                        Stripped-User-Domain = "%{%{3}:-<default>}"
                }
        }
        # Username in unrecognised format
        else{
                reject
        }
}

Thanks,
Arran

> Alex
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- --
Arran Cudbard-Bell ([hidden email]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjw7HgACgkQcaklux5oVKIwGgCfZovEGnbvxft69Td8PcfRw5oK
Y78An0KNXZYmeXh2kb6IuSsOBQZhbbAt
=LKbU
-----END PGP SIGNATURE-----
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Regex remove realm from username

Eric Martell
Thanks so much for the reply.

I tried as Alex mentioned as realm base routing and it is working fine.

realm google.com {
type = radius
authhost = LOCAL
accthost = LOCAL
strip
}

Thanks so much.
Regards.

--- On Sat, 10/11/08, Arran Cudbard-Bell <[hidden email]> wrote:
From: Arran Cudbard-Bell <[hidden email]>
Subject: Re: Regex remove realm from username
To: "FreeRadius users mailing list" <[hidden email]>
Cc: [hidden email]
Date: Saturday, October 11, 2008, 2:12 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex French wrote:
> 2008/10/10 Eric Martell <[hidden email]>:
>> Hi..
>> I searched thru the forums but not getting the right username after
using
>> regex.
>> The request I am getting is : [hidden email] and I need to strip
everything

>> after @ and pass the username as test.
>
> Is there some reason you don't just create a local realm in proxy.conf
> and use the 'strip' keyword?
>
> realm google.com {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> strip
> }
>
>
> Thanks,
>


We use:

if("%{User-Name}"){
if("%{User-Name}" =~ /^([^@]*)(@([-[:alnum:].]+))?$/){
update request {
Stripped-User-Name := "%{1}"
}
# User Names not containing a domain default to
# <default>
update request {
Stripped-User-Domain = "%{%{3}:-<default>}"
}
}
# Username in unrecognised format
else{
reject
}
}

Thanks,
Arran

> Alex
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- --
Arran Cudbard-Bell ([hidden email]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjw7HgACgkQcaklux5oVKIwGgCfZovEGnbvxft69Td8PcfRw5oK
Y78An0KNXZYmeXh2kb6IuSsOBQZhbbAt
=LKbU
-----END PGP SIGNATURE-----


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html