Attribute filtering

Alan DeKok aland at deployingradius.com
Thu Feb 11 22:43:08 CET 2016


On Feb 11, 2016, at 3:43 PM, Alan Batie <alan at peak.org> wrote:
> 
> I'm having some trouble with attribute filtering:  we're preparing to
> move from router assigned ip addressing to radius pool assignment.  For
> initial testing, I thought I'd just add a Pool-Name to the user check
> items for a few test accounts.  That doesn't work because the
> Framed-IP-Address that tells the router to do the assignment is added in
> the group reply items, which prevents sqlippool from doing an
> assignment.

   ou should be able to remove it for those test users.

>  It's probably possible to do a convoluted sql statement in
> the group lookup, but that would be...convoluted.  Our solution was to
> just create separate groups for these cases, but I would like to figure
> out how to do overrides like this.

	sql
	if (test user) {
		update reply {
			Framed-IP-Address !* ANY
		}
		update control {
			Pool-Name := "pool"
		}

		sqlippool
	}



> What I looked for was an operator to remove an attribute, but that
> doesn't seem to exist - you can only add them.

  There are attribute filtering operators. See "man unlang".

> I noticed the attr_filter module, and tried that with:
> 
> mods-config/attr_filter/framed_ip_address:
> 
> if (&control:Pool-Nmae && &control:Pool-Name != "") {
>        Framed-IP-Address !* ANY
> }

  Which is "unlang" syntax.  The attr_filter module takes a different formant.  See the examples shipped with the server.

  Alan DeKok.




More information about the Freeradius-Users mailing list