moving from freeradius 2 to 3

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

moving from freeradius 2 to 3

Users mailing list
Hello
We have an outdated freeradius 2.0 setup that we are looking to upgrade to 3.0.
The old setup has a mysql db and we have run into an issue trying to replicate the same configuration with 3.0.
We have gotten everything installed and working but in our actual setup we use some regex expressions from the db such as

NAS-Port-Type  =~ ^(Ethernet|Virtual|PPPoEoVLAN)$    to filter nas port types
or
NAS-IP-Address =~ ^(192.168.0.11|192.168.0.227|192.168.0.34|192.168.0.244)$  to filter which nas users can connect from

In 3.0 it seems that the use of regex from a db has been removed.
Is there a way to make it work ?

The goal
We use different checks in different groups and assign the user to the correct group for the service he has purchased.
If there is another way to accomplish this I am all ears.

Thanks in advance

Brian

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: moving from freeradius 2 to 3

Users mailing list
On Wed, Apr 7, 2021 at 6:10 AM Brian Turnbow via Freeradius-Users <
[hidden email]> wrote:

> Hello
> We have an outdated freeradius 2.0 setup that we are looking to upgrade to
> 3.0.
> The old setup has a mysql db and we have run into an issue trying to
> replicate the same configuration with 3.0.
> We have gotten everything installed and working but in our actual setup we
> use some regex expressions from the db such as
>
> NAS-Port-Type  =~ ^(Ethernet|Virtual|PPPoEoVLAN)$    to filter nas port
> types
> or
> NAS-IP-Address  =~
> ^(192.168.0.11|192.168.0.227|192.168.0.34|192.168.0.244)$  to filter which
> nas users can connect from
>
> In 3.0 it seems that the use of regex from a db has been removed.
>

I don't believe so. We do filtering (with unlang) based on DB values.


> Is there a way to make it work ?
>

Run FR with -X and look at the output. Start with the base config and make
small changes until it fails and then report that failure on the mailing
list.

-m
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: moving from freeradius 2 to 3

Alan DeKok-2
In reply to this post by Users mailing list
On Apr 7, 2021, at 7:09 AM, Brian Turnbow via Freeradius-Users <[hidden email]> wrote:
> We have an outdated freeradius 2.0 setup that we are looking to upgrade to 3.0.

  Good to hear.

> The old setup has a mysql db and we have run into an issue trying to replicate the same configuration with 3.0.
> We have gotten everything installed and working but in our actual setup we use some regex expressions from the db such as
>
> NAS-Port-Type  =~ ^(Ethernet|Virtual|PPPoEoVLAN)$    to filter nas port types
> or
> NAS-IP-Address =~ ^(192.168.0.11|192.168.0.227|192.168.0.34|192.168.0.244)$  to filter which nas users can connect from
>
> In 3.0 it seems that the use of regex from a db has been removed.
> Is there a way to make it work ?

  Use unlang.  :(

> The goal
> We use different checks in different groups and assign the user to the correct group for the service he has purchased.
> If there is another way to accomplish this I am all ears.

  You can do unlang checking before running the "files" module:

        if (NAS-Port-Type =~ /Ethernet|Virtual|PPPoEoVLAN/) {
                update request {
                        My-NAS-Port-Type := E_V_PPP
                }
        }
        ...

  And then in the DB, do:

        My-NAS-Port-Type == E_V_PPP

  You'll have to edit raddb/dictionary to add My-NAS-Port-Type as an attribute of type "string".  You can do similar things for other attributes.

  That's imperfect, but it involves minimal changes to the database contents.

   Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: moving from freeradius 2 to 3

Users mailing list
Hi Alan,

> > In 3.0 it seems that the use of regex from a db has been removed.
> > Is there a way to make it work ?
>
>   Use unlang.  :(


I was pretty sure that this was going to be the answer...

> > The goal
> > We use different checks in different groups and assign the user to the
> correct group for the service he has purchased.
> > If there is another way to accomplish this I am all ears.
>
>   You can do unlang checking before running the "files" module:
>
> if (NAS-Port-Type =~ /Ethernet|Virtual|PPPoEoVLAN/) {
> update request {
> My-NAS-Port-Type := E_V_PPP
> }
> }
> ...
>
>   And then in the DB, do:
>
> My-NAS-Port-Type == E_V_PPP
>
>   You'll have to edit raddb/dictionary to add My-NAS-Port-Type as an attribute
> of type "string".  You can do similar things for other attributes.
>
>   That's imperfect, but it involves minimal changes to the database contents.


Ok custom attributes it is

Thanks

Brian


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html