How to add an attribute to a proxy response based on the User-Name?
Sharkey, Patrick M.
psharkey at draper.com
Tue Nov 10 19:29:55 CET 2009
In FreeRADIUS version 1.x I was able to add a vendor specific AV pair to
an Access-Accept message based on the User-Name. Users are *not*
specifying a realm, therefore the FR 1.x server proxies all requests to
another RADIUS server by virtue of the NULL stanza in the proxy.conf
file. The post_proxy_authorize directive is set to "yes" inside
proxy.conf, so the users file is processed twice (on request and
response).
The FR 1.x users file contains an entry similar to the following:
foo User-Name == "foo"
Vendor-User-Group += "bar"
When user foo successfully authenticates, the Vendor-User-Group
attribute is passed from FR to the NAS with the value "bar".
I want to set the value of the Vendor-User-Group attribute based on the
User-Name. I do not want the user to specify a realm in their User-Name
and set the value of Vendor-User-Group based on the realm.
How do I conditionally add an AV pair post-proxy with FreeRADIUS version
2.1.7?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091110/500e18aa/attachment.html>
More information about the Freeradius-Users
mailing list