Operator to remove attributes

Thu Oct 1 20:48:00 CEST 2015

Doesn't seem to work:

mysql> select * from radgroupreply WHERE groupname LIKE "DEVICE-MGMT-LNS";
+-----+-----------------+-------------------+----+--------------------------
-------------+
| id  | groupname       | attribute         | op | value
|
+-----+-----------------+-------------------+----+--------------------------
-------------+
| 229 | DEVICE-MGMT-LNS | Framed-IP-Address | !* | ANY
|
| 230 | DEVICE-MGMT-LNS | Framed-IP-Netmask | !* | ANY
|
| 231 | DEVICE-MGMT-LNS | Cisco-AVPair      | += | vpdn:tunnel-type=l2tp
|
| 232 | DEVICE-MGMT-LNS | Cisco-AVPair      | += | vpdn:tunnel-id=dev-mgmt
|
| 235 | DEVICE-MGMT-LNS | Cisco-AVPair      | += |
vpdn:tunnel-password=XXXXXXXXXX       |
| 238 | DEVICE-MGMT-LNS | Cisco-AVPair      | += | vpdn:vpn-vrf=XXXXXXXX
|
| 239 | DEVICE-MGMT-LNS | Cisco-AVPair      | += |
vpdn:ip-addresses=XXXXXXXXXXX         |
+-----+-----------------+-------------------+----+--------------------------
-------------+

lns#test aaa group PPPOE-RADIUS-SERVERS test_mgmt_account TestAccount
new-code
User successfully authenticated

USER ATTRIBUTES

addr                 0   10.55.0.100
netmask              0   255.255.255.255
addr                 0   0.0.0.0
netmask              0   0.0.0.0
tunnel-type          0   3 [l2tp]
tunnel-id            0   "dev-mgmt"
tunnel-password      0   <hidden>
vpn-vrf              0   "XXXXXXXX"
ip-addresses         0   "XXXXXXXXXXX"

It looks like it just adds a second set of attributes with values of
0.0.0.0.

Cheers,

GTG

> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+ggiesen+freeradius-users=giesen.me at lists.freeradius.org] On
> Behalf Of Arran Cudbard-Bell
> Sent: October 1, 2015 2:33 PM
> To: FreeRadius users mailing list
> Subject: Re: Operator to remove attributes
> 
> 
> > On Oct 1, 2015, at 2:24 PM, Gary T. Giesen <ggiesen+freeradius-
> users at giesen.me> wrote:
> >
> > According to the docs:
> >
> > http://wiki.freeradius.org/config/Operators
> >
> > That is not allowed as a reply item.
> 
> That document is for rlm_files only (I added a note).
> 
> you should review man unlang for operator documentation.
> 
> -Arran