Fallback LDAP Attribute Value

Steven Carr steven.carr at sunderland.ac.uk
Tue Jul 7 17:46:49 CEST 2009


On 7/7/09 16:16, Steven Carr wrote:
> Thanks Ivan, the following in the post-auth section of the default file
> works:
> 
>> 	if ((!reply:Tunnel-Private-Group-ID) || (reply:Tunnel-Private-Group-ID == "")) {
>> 		update reply {
>> 			Tunnel-Private-Group-ID = "666"
>> 		}
>> 	}

OK, for my next part on this subject: this returns the values for all
users regardless of what they are connecting to. Is it possible to
either restrict this value to only be returned to a particular huntgroup
or to remove this value from being returned from the huntgroups that
don't need it?

We are doing 802.1x and only want the 802.1x attributes to be returned
to our Cisco switches.

E.g. I have a huntgroup called ciscoswitches which has all of our
switches listed in it. In the users file I have the following
declaration to add the 802.1x attributes:

DEFAULT	Huntgroup-Name == "ciscoswitches"
	Service-Type = Framed-User,
	Tunnel-Type = "VLAN",
	Tunnel-Medium-Type = "IEEE-802",
	Fall-Through = Yes

The "Tunnel-Private-Group-ID" is then added from the post-auth, which is
fine for this huntgroup, but I don't want it there for the rest of them.

Thanks

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953
