IVB ivb at
Mon Apr 2 09:05:15 CEST 2012

Fajar A. Nugraha-2 wrote
> ... and then on authorize section add something like this (just for check)
> if ( (request:User-Name == "00:12:23:56:78:9A") &&
> (control:Agent-Circuit-ID != "%{request:Agent-Circuit-ID}") ) {
>    update control {
>       Auth-Type := "Reject"
>   }
> }
> then use debug mode again. It should print out what it recognize
> control:Agent-Circuit-ID (which is from db) and
> request:Agent-Circuit-ID. Then you just need to edit entry on db to
> match what's on the request.
Construction shown above don't help me, because there was no output of
control:Agent-Circuit-ID and request:Agent-Circuit-ID.

But I use another construction:

if (request:User-Name == "20:cf:30:e1:e6:29") {
    update control {
        Auth-Type := "Reject"
    update reply {
        Context-Name := "%{control:Agent-Circuit-ID}

so in Acces-Reject I can see in Context-Name attribute both request and
control attributes.

And I have bad news. I got following:

Context-Name = "0x 0x000403fc0017"

Request attribute is OK, but control attribute is zero-length string. I
think this is because first byte in string is 0, and Radius treat this as

I tested this - I try to return attribute with only printable chars, and got
it in Context-Name exactly as it stored in DB.

So I urgently need help - how I can store needed value to adequately
accepted by Radius?

View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list