# If policy A calls policy B, then B MUST be defined before A.
#
policy {
+ # We check for this prefix to determine whether the class value was generated by the server.
+ class_value_prefix = 'ai:'
#
# Overload the default acct_unique module, it's not smart enough
#
# or the client roams to a different 'port' whilst maintaining its initial authentication
# session (Common in a wireless environment).
#
- if("%{string:Class}" =~ /auth_id:([0-9a-f]{32})/i) {
+ if("%{string:Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
update request {
Acct-Unique-Session-Id := "%{md5:%{1}%{Acct-Session-ID}}"
}
#
insert_acct_class {
update reply {
- Class = "auth_id:%{md5:%t%{request:NAS-Identifier}%{NAS-Port-ID}%{NAS-Port}%{Calling-Station-ID}%{reply:User-Name}}"
+ Class = "${policy.class_value_prefix}%{md5:%t%{request:NAS-Identifier}%{NAS-Port-ID}%{NAS-Port}%{Calling-Station-ID}%{reply:User-Name}}"
}
}
}
#
- # Split User-Name in NAI format (RFC 4282) into components
+ # Split User-Name in NAI format (RFC 4282) into components
#
# This policy writes the Username and Domain portions of the NAI into the
# Stripped-User-Name and Stripped-User-Domain attributes.
# Add "rewrite_called_station_id" in the "authorize" and "preacct" sections.
#
rewrite_called_station_id {
- if(Called-Station-Id =~ /^%{config:policy.mac-addr-regexp}(:(.+))?$/i) {
+ if(Called-Station-Id =~ /^${policy.mac-addr-regexp}(:(.+))?$/i) {
update request {
Called-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
}
# Add "rewrite_calling_station_id" in the "authorize" and "preacct" sections.
#
rewrite_calling_station_id {
- if(Calling-Station-Id =~ /^%{config:policy.mac-addr-regexp}$/i) {
+ if(Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i) {
update request {
Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
}
projects / thirdparty / freeradius-server.git / commitdiff
