Proxy help
David Mitchell
mitchell at ucar.edu
Fri Jun 27 00:00:52 CEST 2008
David Mitchell wrote:
> Ivan Kalik wrote:
>> Update reply with unlang:
>>
>> http://freeradius.org/radiusd/man/unlang.html
>
> Sure, but where? In the 'attrs' file? I tried adding something there and
> it complains:
>
> DEFAULT
> Service-Type := %{proxy-request:Service-Type},
> # Service-Type == Framed-User,
> # Service-Type == Login-User,
> Login-Service == Telnet,
>
> results in
> /home/mitchell/fr/etc/raddb/attrs[104]: Parse error (reply) for entry
> DEFAULT: Expected end of line or comma
> Errors reading /home/mitchell/fr/etc/raddb/attrs
>
> Is attrs not using unlang? If not, what should I be using instead? It
> does look like unlang gives me what I want, but it's not clear where I
> can use it.
So I'm closer. I can update things in post-auth using for example:
update reply {
Service-Type := "%{control:Service-Type}"
Reply-Message := "Go Away %{request:User-Name}"
}
But I can't get %{Service-Type} to expand. I have no idea what happened
to the value I set earlier in the users file. It almost seems like I
should not be using the users file at all and trying to implement my
authz in post-auth using unlang? That doesn't really seem right though.
-David
>
> -David
>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 26/6/2008, "David Mitchell" <mitchell at ucar.edu> piše:
>>
>>> I should probably add that I can get the Service-Type added using the
>>> 'attrs' file in the post-proxy section. But I want to set the
>>> Service-Type based on the user and huntgroup so that users have either
>>> Administrative-User or Login-User access depending on the user and
>>> device. This doesn't seem to be possible in the attrs file.
>>>
>>> -David
>>>
>>> David Mitchell wrote:
>>>> I've having a problem getting the proper attributes set on my response
>>>> packets when using a proxy.
>>>>
>>>> If I authenticate locally with something like this in users:
>>>> username Cleartext-Password password
>>>> Service-Type = Administrative-User,
>>>> Reply-Message = "Authorized Users Only",
>>>>
>>>> it works fine. The Service-Type and Reply-Message get sent off to the
>>>> NAS and life is good. However, if I activate a NULL realm and proxy the
>>>> authentications out, it no longer works. My users file looks more like this:
>>>> DEFAULT
>>>> Service-Type = Administrative-User,
>>>> Reply-Message = "Authorized Users Only",
>>>>
>>>> Judging from the post-proxy-detail and reply-detail logs it looks like
>>>> the proxy server is dropping all the attributes and my server doesn't
>>>> put them back? Is that correct? And is that the way it's supposed to
>>>> work? Thanks in advance,
>>>>
>>>> -David Mitchell
>>>>
>>>>
>>> --
>>> -----------------------------------------------------------------
>>> | David Mitchell (mitchell at ucar.edu) Network Engineer IV |
>>> | Tel: (303) 497-1845 National Center for |
>>> | FAX: (303) 497-1818 Atmospheric Research |
>>> -----------------------------------------------------------------
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Freeradius-Users
mailing list