configurable fail-over for policy virtual modules?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Jul 16 20:09:30 CEST 2014
On 16 Jul 2014, at 13:58, Zenon Mousmoulas <zmousm at noc.grnet.gr> wrote:
> On 2014-07-16 20:39, Arran Cudbard-Bell wrote:
>> On 16 Jul 2014, at 11:42, Zenon Mousmoulas <zmousm at noc.grnet.gr> wrote:
>>> Hi,
>>> should it be possible to do this:
>>> policy {
>>> check_something {
>>> if (Some-Attribute) {
>>> noop
>>> } else {
>>> reject
>>> }
>>> }
>>> }
>>> authorize {
>>> check_something {
>>> noop = return
>>> }
>>> }
>>> 2.x just gives a parser error, while 3.x also explains it failed to find "check_something" in the "modules" section.
>>> Thanks in advance for any insight,
>>> Z.
>> What would check_something be? Is it a module call? Or a condition or
>> a subroutine?
>
> In this case I wanted to use such a policy in a switch/case statement to call a specific eap module, see below. In general I suppose anything one can do in a policy with unlang.
>
> eap_virtual {
> switch "%{EAP-VHost-ID}" {
> case abc {
> eap_abc
> }
> case def {
> eap_def
> }
> [...]
> }
> }
>
> Z.
Then yes, see policy.d or policy.conf (in v2.0.x)
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140716/55190ded/attachment.pgp>
More information about the Freeradius-Users
mailing list