使用規則運算式中 NPSUse Regular Expressions in NPS

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

本主題解釋如何使用運算式一般符合 NPS 在 Windows Server 2016 中的模式。This topic explains the use of regular expressions for pattern matching in NPS in Windows Server 2016. 您可以使用下列語法指定的網路原則屬性與 RADIUS 領域的條件。You can use this syntax to specify the conditions of network policy attributes and RADIUS realms.

模式比參考資料Pattern-matching reference

使用模式符合語法建立規則運算式時,您可以使用下表做為參考資料來源。You can use the following table as a reference source when creating regular expressions with pattern-matching syntax.

一個字元Character 描述Description 範例Example
\ 標記的下一個字元符合字元。Marks the next character as a character to match. /n/ matches the character "n". The sequence /\n/ matches a line feed or newline character.
^ 符合輸入或一行的開頭。Matches the beginning of the input or line.  
$ 符合輸入或一行的結尾。Matches the end of the input or line.  
* 符合上述字元或多個時間。Matches the preceding character zero or more times. /zo*/ matches either "z" or "zoo."
+ 符合上述字元一或多個時間。Matches the preceding character one or more times. /zo+/ matches "zoo" but not "z."
? 比對前一個字元零或一次。Matches the preceding character zero or one times. /a?ve?/ matches the "ve" in "never."
. 符合新行字元以外的任何一個字元。Matches any single character except a newline character.  
( pattern ) 符合「模式」,並會記住相符項目。Matches "pattern" and remembers the match. To match ( ) (parentheses), use "\(" or "\)".
' x`x Y 'y ` 符合 x 或 y。Matches either x or y.
{ n } 符合完全 n 次 \(n 是 non\ 負 integer\)。Matches exactly n times (n is a non-negative integer). /o{2}/ does not match the "o" in "Bob," but matches the first two instances of the letter o in "foooood."
{ n ,} 符合至少 n 時間 \(n 是 non\ 負 integer\)。Matches at least n times (n is a non-negative integer). /o{2,}/ does not match the "o" in "Bob" but matches all of the instances of the letter o in "foooood." /o{1,}/ is equivalent to /o+/.
{ n , m } 符合至少 n 和最 m 時間 \(m 和 n 是 non\ 負 integers\)。Matches at least n and at most m times (m and n are non-negative integers). /o{1,3}/ matches the first three instances of the letter o in "fooooood."
[ xyz ] 比對任何一個括號字元 (a character set)。Matches any one of the enclosed characters (a character set). /[abc]/ matches the "a" in "plain."
[^ xyz ] 比對任何不包含的字元 \ (負字元 set)。Matches any characters that are not enclosed (a negative character set). /[^abc]/ matches the "p" in "plain."
\b 符合 word 邊界 \ (例如,space)。Matches a word boundary (for example, a space). /ea*r\b/ matches the "er" in "never early."
\B 符合非邊界。Matches a nonword boundary. /ea*r\B/ matches the "ear" in "never early."
\d 符合數字字元 \(相當於數字 0 到 9\)。Matches a digit character (equivalent to digits from 0 to 9).  
\D 符合非數字字元 \ (相當於[^0-9])。Matches a nondigit character (equivalent to [^0-9]).  
\f 相符項目換字元。Matches a form feed character.  
\n 相符項目換字元。Matches a line feed character.  
\r 比對換字元。Matches a carriage return character.  
\s 符合空間,索引標籤,然後送紙包括任何空格字元 \ (相當於[ \f\n\r\t\v])。Matches any white space character including space, tab, and form feed (equivalent to [ \f\n\r\t\v]).  
\S 比對任何非空格字元 \ (相當於[^ \f\n\r\t\v])。Matches any non-white space character (equivalent to [^ \f\n\r\t\v]).  
\t 符合] 索引標籤的字元。Matches a tab character.  
\v 符合垂直] 索引標籤的字元。Matches a vertical tab character.  
\w 比對任何文字的字元,包括底線 \ (相當於[A-Za-z0-9_])。Matches any word character, including underscore (equivalent to [A-Za-z0-9_]).  
\W 比對任何 non\ 字字元,不含底線 \ (相當於[^A-Za-z0-9_])。Matches any non-word character, excluding underscore (equivalent to [^A-Za-z0-9_]).  
\ num 指向記憶相符項目 \ (?num、num 位置是正 integer)。Refers to remembered matches (?num, where num is a positive integer). 可以使用這個選項只在取代設定屬性操作時的文字方塊。This option can be used only in the Replace text box when configuring attribute manipulation. \1 將會取代項目儲存在第一次記憶相符項目。replaces what is stored in the first remembered match.
/ n / 讓 ASCII 代碼插入規則運算式 \ (?n、n 是進位、十六進位或小數點 esc 鍵 value)。Allows the insertion of ASCII codes into regular expressions (?n, where n is an octal, hexadecimal, or decimal escape value).  

網路原則屬性範例Examples for network policy attributes

下列範例描述模式比語法指定的網路原則屬性使用:The following examples describe the use of the pattern-matching syntax to specify network policy attributes:

  • 若要指定的 899 區碼在所有的電話號碼,語法為:To specify all phone numbers within the 899 area code, the syntax is:

    899.*

  • 若要指定 192.168.1 開始 IP 位址,語法為:To specify a range of IP addresses that begin with 192.168.1, the syntax is:

    192\.168\.1\..+

範例操作領域中的使用者名稱屬性名稱Examples for manipulation of the realm name in the User Name attribute

下列範例描述模式比語法管理使用者名稱屬性,這位於領域名稱使用屬性索引標籤中連接要求原則的屬性。The following examples describe the use of the pattern-matching syntax to manipulate realm names for the User Name attribute, which is located on the Attribute tab in the properties of a connection request policy.

若要移除的領域部分的使用者名稱屬性To remove the realm portion of the User Name attribute

在外部撥號案例中網際網路服務提供者 (ISP) 路徑連接要求公司 NPS 伺服器、ISP RADIUS proxy 可能需要路由傳送驗證要求領域名稱。In an outsourced dial-up scenario in which an Internet service provider (ISP) routes connection requests to an organization NPS server, the ISP RADIUS proxy might require a realm name to route the authentication request. 不過,NPS 伺服器可能無法辨識的領域名稱部分的使用者名稱。However, the NPS server might not recognize the realm name portion of the user name. 因此,領域名稱必須先移除 ISP RADIUS proxy 轉送組織 NPS 伺服器。Therefore, the realm name must be removed by the ISP RADIUS proxy before it is forwarded to the organization NPS server.

  • 尋找:@microsoft\.comFind: @microsoft\.com

  • 取代:Replace:

user@example.microsoft.comexample.microsoft.com\userTo replace user@example.microsoft.com with example.microsoft.com\user

  • 尋找:Find:(.*)@(.*)

  • 取代:Replace:$2\$1

網域使用者specific_domain\userTo replace domain\user with specific_domain\user

  • 尋找:Find:(.*)\\(.*)

  • 取代:specific_domainReplace: specific_domain\$2

使用者user@specific_domainTo replace user with user@specific_domain

  • 尋找:Find:$

  • 取代:@specific_domainReplace: @specific_domain

範例 RADIUS 郵件轉寄 proxy 伺服器Example for RADIUS message forwarding by a proxy server

您可以建立 NPS RADIUS proxy 為時,向前一組 RADIUS 伺服器的名稱指定的領域 RADIUS 訊息的路徑規則。You can create routing rules that forward RADIUS messages with a specified realm name to a set of RADIUS servers when NPS is used as a RADIUS proxy. 以下是建議的語法路由領域名稱為基礎的需求。Following is a recommended syntax for routing requests based on realm name.

  • NetBIOS 名稱 **:NetBIOS name**: WCOAST
  • 模式 **:Pattern**: ^wcoast\\

下列範例中,在 wcoast.microsoft.com 是 DNS 或 Active Directory domain wcoast.microsoft.com 獨特的使用者主體名稱 (UPN) 尾碼。使用提供的模式,NPS proxy 可以傳送簡訊,根據網域 NetBIOS 名稱或 UPN 尾碼。In the following example, wcoast.microsoft.com is a unique user principal name (UPN) suffix for the DNS or Active Directory domain wcoast.microsoft.com. Using the supplied pattern, the NPS proxy can route messages based on domain NetBIOS name or UPN suffix.

  • NetBIOS 名稱 **:NetBIOS name**: WCOAST
  • UPN 尾碼 **:UPN suffix**: wcoast.microsoft.com
  • 模式 **:Pattern**: ^wcoast\\|@wcoast\.microsoft\.com$

如需有關管理 NPS 的詳細資訊,請查看管理的網路原則伺服器]For more information about managing NPS, see Manage Network Policy Server.

如需 NPS 的詳細資訊,請查看的網路原則 Server (NPS)For more information about NPS, see Network Policy Server (NPS).