Ok this is for anybody else out there having the same question I have
regarding this.
There is no clear way to separate between which requests (from or to
home servers/post-proxy or pre-proxy). So I tried this with success:
Add this to the radiusd.conf, I added this under the "attr_filter {"
line, which is part of the "Modules" section in the config file.
attr_filter preproxy_attrfilter {
attrsfile = ${confdir}/preproxy_attrfilter
}
Then under the pre-proxy section before the "files" line add a line
"preproxy_attrfilter", Or before any custom auth stuff you have in
there. (example:)
pre-proxy {
preproxy_attrfilter
files
pre_proxy_log
}
Then add the filters into the file preproxy_attrfilter in
/etc/freeradius or whatever your config directory is called.
example:
REALM-HERE.com
NAS-IP-Address := xx.xx.xx.xx,
User-Name =* ANY,
User-Password =* ANY,
Calling-Station-Id =* ANY
Thanks,
Mike
Ivan Kalik wrote:
Because the example is for one in post-proxy section. Try reading again:
http://freeradius.org/radiusd/man/rlm_attr_filter.html
Ivan Kalik
Kalik Informatika ISP
Dana 7/7/2008, "Michael da Silva Pereira" <michael@tradepage.co.za>
piše:
Hi there,
It seems this only affects replies from the Home Server going to my NAS.
"
# attr_filter - filters the attributes received in replies from
# proxied servers, to make sure we send back to our RADIUS client
# only allowed attributes.
attr_filter {
attrsfile = ${confdir}/attrs
}
"
I want to filter extra attributes sent from the NAS to the Home Server
basically.
Thanks,
Mike
Ivan Kalik wrote:
It does tend to filter attributes when you use attribute filter ;-)
http://freeradius.org/radiusd/man/rlm_attr_filter.html
http://wiki.freeradius.org/Attrs
Ivan Kalik
Kalik Informatika ISP
Dana 7/7/2008, "Michael da Silva Pereira" <michael@tradepage.co.za>
piše:
Hi All,
I am wondering if anybody has done this, I'm sure it's actually very
easy to do, But I'm just not able to get it done :(
I need to filter requests coming from my NAS going to my radius server
being forwarded to a clients radius server.
Now I am able to modify and update attributes, even add using
preproxy_users. but how on earth do I drop the attribute completely?
Currently in preproxy_users:
DEFAULT Realm == "testrealm.com"
NAS-IP-Address := 196.3.121.32,
User-Name =* ANY,
User-Password =* ANY
Other server still recieves:
3GPP2-Correlation-Id
Calling-Station-Id
Framed-Protocol
User-Name
User-Password
Service-Type
NAS-IP-Address
NAS-Identifier
Proxy-State
User-Password
Client-IP-Address
Kind regards,
Michael da silva Pereira
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
|