Class attribute in Reply message

Alan DeKok aland at deployingradius.com
Tue Oct 3 13:46:17 CEST 2017


On Oct 3, 2017, at 5:23 AM, Umut Arus <umuta at sabanciuniv.edu> wrote:
> I need to reply an deniedServices ldap variable in Class attribute for a
> controller. I added it
> "replyItem    Class   deniedServices +=" at ldap.attrmap file.
> and sites-available/default file includes it.

  That should work.

> But it override the Class
> value to empty.
>                update reply {
>                                Class += "%{Reply-Message}"
>                }

  Read "man unlang".  That sets Class to the contents of the Reply-Message contained in the *request*.

> FreeRADIUS Version 2.2.8

  Upgrade.

> Output parts are:
> 
> [peap] Setting User-Name to tayfund
> Sending tunneled request
>        EAP-Message =
> 0x020900421a0209003d3167738a93d83ed76e5251bbbaa183542f0000000000000000008955f2389888dbc3771d940bc5c9ade688b2ec3b08e4f80074617966756e64

  EAP makes everything harder.  You can't get get Class from LDAP in packet 3, and expect the same Class to be there in later packets.

  Upgrade to 3.0.15, and this will be MUCH easier to configure.

  Alan DeKok.




More information about the Freeradius-Users mailing list