Wipe existing reply attributes in rlm_files
Brian Candler
B.Candler at pobox.com
Sat Oct 2 11:07:41 CEST 2010
Hello, I'm using freeradius 2.1.7.
I would like to know if there's a simple way, within a users file, to
*replace* the entire set of reply attributes with some others. For example,
NONE Foo = "bar", Baz = "bap"
# FIXME: delete all reply attributes which have accumulated so far
Framed-IP-Address = 1.1.1.1
The idea is that I've already done a database dip using something like
rlm_sql, which may have added some reply attributes; but then later logic
requires that I need to remove those reply attributes and replace them with
a different set (e.g. to L2TP tunnel them somewhere else)
I know I could remove specific attributes using -=, but I don't know which
attributes might have been added by this point.
My current solution is very messy, using two users files. Firstly I set a
temporary control list attribute:
NONE Foo = "bar", Baz = "bap", Postauth-Action := "XXX"
and then next in the authorize { } config I have:
if ("%{control:PostAuth-Action}" =~ /./) {
deleteall # invoke custom module to clear reply list
postauth_attrs # invoke second users file
}
and finally, in a second users file, I add the new attributes:
XXX
Framed-IP-Address = 1.1.1.1
I can't even use the standard attr_filter module to delete the existing
reply attributes, because when it's invoked in the authorize { } section it
acts on the request list, not the reply list.
Have I missed an easier way to do this?
Thanks,
Brian.
More information about the Freeradius-Users
mailing list