Dynamic Attributes Based on NAS Type !
Suman Dash
sumandash at gmail.com
Sun Oct 9 11:24:11 CEST 2011
Last night i also dreamt of sending all VSA to NAS but i was not sure what
will be the outcome so thanks for the info.
I have never worked with policies but it seems to be important so i will try
to learn the same.
Regards
Suman
On Sun, Oct 9, 2011 at 2:01 PM, Alan DeKok <aland at deployingradius.com>wrote:
> Stefan A. wrote:
> > If you read it ‚one of the ideas of having different virtual servers is
> > separation of policies for different NASses’ you are right.
> >
> > Suman was asking on how to send several NASses into the same policy.
>
> The simplest way to do it is to set *generic* policies, and then
> re-write them in post-auth. For example, define a "Policy-Name"
> attribute in the dictionary, and set it somewhere in the "authorize"
> section. Then:
>
> post-auth {
> ...
>
> if ("%{client:nas_type}" == "foo") {
> // map policies for client foo
>
> }
> elsif ("%{client:nas_type}" == "bar") {
> // map policies for client bar
> }
> ...
> }
>
> The underlying issue is that different NAS vendors have defined
> different attributes for the same functionality.
>
> An even simpler solution is to just return all of the VSAs to each
> NAS. As was said earlier, each NAS will ignore the ones it doesn't
> understand, and apply the ones it does.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111009/dc31c158/attachment.html>
More information about the Freeradius-Users
mailing list