Possible little extension to dictionnary.h3c

Mathieu Simon (Lists) matsimon.lists at simweb.ch
Sun Jan 19 23:22:28 CET 2014


G'day

While trying to figure out how I could tuck the admin auth to our
FreeRADIUS for some of our 3Com 2928 switches which seemingly were made
by H3C and thus behave a little different from standard 3Com comware
devices. (HP has relabeled them, now known as HP 1910 series)

After some searching I came across a forum post on HP's pages where a
user mentioned how he got it working.* Thankfully he included his
modified dictionnary.h3c which adds a single H3C-specific
Hw_Exec_Privilege attribute which seems to do the trick for those boxes.

Although it seems to work for me, if it's not completely wrong what
about taking that little change upstream for the benefit of others?

I've tested this on a old FR  2.1.12 on Debian, but it seems the H3C
dict hasn't changed for some time and thus the patch should also apply
on 2.x and 3.x branches.

--- dictionary.h3c      2014-01-19 23:08:05.016784021 +0100
+++ dictionary.h3c.new  2014-01-19 23:09:48.832375719 +0100
@@ -18,4 +18,11 @@
 ATTRIBUTE      H3C-Ip-Host-Addr                        60      string
 ATTRIBUTE      H3C-Product-ID                          255     string

+ATTRIBUTE      Hw_Exec_Privilege                       29      integer
+
+VALUE          Hw_Exec_Privilege       H3C-Visitor             0
+VALUE          Hw_Exec_Privilege       H3C-Monitor             1
+VALUE          Hw_Exec_Privilege       H3C-Manager             2
+VALUE          Hw_Exec_Privilege       H3C-Administrator       3
+
 END-VENDOR     H3C


-- Mathieu Simon

* For correct references:
http://h30499.www3.hp.com/t5/Web-and-Unmanaged/V1910-radius-server-Level-privilege/td-p/2367841#.UtxHVBCIVaQ




More information about the Freeradius-Users mailing list