Using the class attribute
Phil Mayers
p.mayers at imperial.ac.uk
Fri Aug 1 10:56:29 CEST 2008
>But the class will be expanded to something like %{Class} ->
>0x44444631323334...., which does not match ^DDF.*
The Class attribute is defined in the RFCs and the dictionary files as
type "octets", which are coerced to their 0xaabbcc representation before
string operations (e.g. regexp, database insert) are performed.
If you're sure you'll only have ascii, you can edit dictionary.rfc2865
and change the type of Class from "octets" to "string"
>
>
>A second Issue:
>
>The proxy server beween me and the NAS will request a second radius server
>in case I have previously accepted the Request.
? The request will be authenticated twice?
>If this second server Accepts the call and adds a class to the accept
>packet, than it comes to the situation, that I will see the two classes
Is that permitted under the RFCs?
>hitting my accounting server. Beside the proxy-state, the order of
>attributes is not guaranteed...
>Will
> DEFAULT Acct-Status-Type =~".*", Class =~"^DDF:(.*)"
>Match my class, or will it see the first class in the packet and will then
>not macht?
>How can I match for multiple instances of a single attribute?
It should match; IIRC the regexp will try all all instances of an
attribute and stop on first match.
>
>Wold an entry in attr file help... Like this one?:
>
>DEFAULT
> ...
> Class =~"^0x444446.*"
>
>
>Thank you.
>
>Stefan
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list