update reply: "Juniper-Primary-Dns"

Amir Tal amir at ccc.co.il
Tue Jun 16 18:25:55 CEST 2015


Hi,

Trying to implement setting custom values for DNS servers based on some condition.
The following attributes are needed in the RADIUS reply:
Juniper-Primary-Dns
Juniper-Secondary-Dns

The following snippet was added to '/etc/raddb/sites-enabled/default':

...
        if ( User-Name =~ /test2/i ) {
                if ( NAS-Port-Id =~ /147.235.4./i ) {
                        update reply {
                                Juniper-Primary-Dns := "109.226.x.x"
                                Juniper-Secondary-Dns := "109.226.x.x"
                        }
                }
        }
...

When testing this, the values are added to the reply; this was confirmed by enabling "reply_log" in FreeRADIUS.
Example:
Tue Jun 16 18:54:07 2015
        Packet-Type = Access-Accept
        Juniper-Primary-Dns = 109.226.x.x
        Juniper-Secondary-Dns = 109.226.x.x
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        ERX-Egress-Statistics := enable
        ERX-Ingress-Statistics := enable
        ERX-Egress-Policy-Name := "100MB"
        ERX-Ingress-Policy-Name := "4mb"
        Framed-MTU = 1512
        Framed-Pool := "fast"

But this is not passed to the client; the NAS still overrides it with default values.
User authentication uses LDAP to store user profiles; if we add these two attributes to the user via his LDAP profile, then the change is accepted.

The condition was tested in the "authorize" and "post-auth" sections, with the same result in both cases.


Assistance would be appreciated, thanks.

Amir.


Amir Tal
System Administrator    +972 39201471
Cloud Systems Support   +972 39201442
<http://www.ccc.co.il>