configurable fail-over for policy virtual modules?
Zenon Mousmoulas
zmousm at noc.grnet.gr
Wed Jul 16 20:23:50 CEST 2014
On 2014-07-16 21:09, Arran Cudbard-Bell wrote:
> On 16 Jul 2014, at 13:58, Zenon Mousmoulas <zmousm at noc.grnet.gr> wrote:
>
>> On 2014-07-16 20:39, Arran Cudbard-Bell wrote:
>>> On 16 Jul 2014, at 11:42, Zenon Mousmoulas <zmousm at noc.grnet.gr>
>>> wrote:
>>>> Hi,
>>>> should it be possible to do this:
>>>> policy {
>>>> check_something {
>>>> if (Some-Attribute) {
>>>> noop
>>>> } else {
>>>> reject
>>>> }
>>>> }
>>>> }
>>>> authorize {
>>>> check_something {
>>>> noop = return
>>>> }
>>>> }
>>>> 2.x just gives a parser error, while 3.x also explains it failed to
>>>> find "check_something" in the "modules" section.
>>>> Thanks in advance for any insight,
>>>> Z.
>>> What would check_something be? Is it a module call? Or a condition or
>>> a subroutine?
>>
>> In this case I wanted to use such a policy in a switch/case statement
>> to call a specific eap module, see below. In general I suppose
>> anything one can do in a policy with unlang.
>>
>> eap_virtual {
>> switch "%{EAP-VHost-ID}" {
>> case abc {
>> eap_abc
>> }
>> case def {
>> eap_def
>> }
>> [...]
>> }
>> }
>>
>> Z.
>
> Then yes, see policy.d or policy.conf (in v2.0.x)
Perhaps what I wrote previously was misleading: The above is the policy
definition, which I then call in authorize:
eap_virtual {
ok = return
}
This is what didn't work (parser error).
Z.
More information about the Freeradius-Users
mailing list