Unstructured Attr-26 in unlang

Brian Candler b.candler at pobox.com
Wed Mar 29 16:15:24 CEST 2017


On 28/03/2017 16:59, Bjørn Mork wrote:
> Another hackish workaround is to define your own "26" attribute in the
> dictionary.

Genius! Added:

ATTRIBUTE       Aten-Vendor-Specific    26      string

And as far as I can see, it doesn't mess up other vendor-specific 
attributes. Users file:

bob     Cleartext-Password := "hello"
         Cisco-AVPair += "foo",
         Aten-Vendor-Specific += "su/administrator"

Policy:

foo {
     update reply {
       Cisco-AVPair += "bar"
       Aten-Vendor-Specific += "su/readonly"
     }
}

radtest:

Received Access-Accept Id 133 from 127.0.0.1:1812 to 0.0.0.0:0 length 73
     Cisco-AVPair = "foo"
     Attr-26 = 0x73752f61646d696e6973747261746f72
     Cisco-AVPair = "bar"
     Attr-26 = 0x73752f726561646f6e6c79

tcpdump:

     0x0030:  1a0b 0000 0009 0105 666f 6f1a 1273 752f ........foo..su/
     0x0040:  6164 6d69 6e69 7374 7261 746f 721a 0b00 administrator...
     0x0050:  0000 0901 0562 6172 1a0d 7375 2f72 6561 .....bar..su/rea
     0x0060:  646f 6e6c 79                             donly

Cheers!

Brian.



More information about the Freeradius-Users mailing list