Conditional Auth Response?

Darren Ward (darrward) darrward at cisco.com
Wed Feb 12 02:00:50 CET 2014


Looking for some unlang tutorials I think! :)

I'm trying to combine the two factors I need with is to have a macro entry for a common 'anonymous' set of users together with the ability to manipulate the response and so am trying to munge the two responses I received on the separate threads.

I am getting  parse error - expecting operator on the first line so obviously the if +~ isn't an option

Any pointers for me?

if (User-Name =~ /192.168.+/) {
    update control {
        Cleartext-Password := "cisco"
    }
    if (Cisco-Control-Info = "QV*") {
        update reply {
            Cisco-Control-Info += "QV0"
        }
    }
    else {
        update reply {
            Cisco-Control-Info += "QV50000000"
        }
    }
}

Darren

-----Original Message-----
From: freeradius-users-bounces+darrward=cisco.com at lists.freeradius.org [mailto:freeradius-users-bounces+darrward=cisco.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, 11 February 2014 5:14 AM
To: FreeRadius users mailing list
Subject: Re: Conditional Auth Response?

Darren Ward (darrward) wrote:
> I'm looking for a way to change the response to an auth request based on the attributes in the request

$ man unlang

  You can write the rules below pretty much as-is.

>   -   if I receive a request for user 'bob' with just the password then send the response with normal attributes and one that has 'Cisco-Control-Info += "QV50000000"
>   -   if I receive a request for user 'bob' with password and 'Cisco-Control-Info = QV<value>' then respond with 'Cisco-Control-Info += "QV0"

 if (User-Name == 'bob') {
    if (Cisco-Control-Info = QV123) {
	update reply {
		Cisco-Control-Info += "QV0
	}
    }
    else {
	update reply {
		Cisco-Control-Info += "QV50000000
	}
    }

  Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list