User + Device Authentication to Specific Network
Alan DeKok
aland at deployingradius.com
Mon Jun 10 08:45:50 CEST 2019
On Jun 10, 2019, at 1:20 AM, Duncan X Simpson <virtualdxs at gmail.com> wrote:
> Thank you for the help! I seem to almost have it working, but I've run into one problem: Attributes don't seem to be expanding. I have the following in my post-auth section for testing:
>
> update reply {
> Unix-FTP-Shell := "%{Calling-Station-Id}"
> }
>
> Every time, Unix-FTP-Shell is set, but it's set to "":
Read the *rest* of the debug output. Is there a Calling-Station-Id in the incoming packet?
> (22) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
> (22) post-auth {
> (22) update reply {
> (22) &Tunnel-Type := VLAN
> (22) &Tunnel-Medium-Type := IEEE-802
> (22) } # update reply = noop
> (22) update reply {
> (22) EXPAND %{Calling-Station-Id}
> (22) -->
> (22) Unix-FTP-Shell :=
> (22) } # update reply = noop
>
> I've swapped out Calling-Station-Id for a couple other things to test (Tunnel-Type (which I set about 3 lines up)
In the reply. NOT in the request. See "man unlang" for how to access the different lists.
> and Service-Type (which came in with the request)), both with the same results. Why are these not getting expanded? Is post-auth the wrong place to do this?
Post the WHOLE debug output, and let someone else explain it.
But odds are that the Service-Type attribute isn't in the request. There isn't a lot that can go wrong here.
Alan DeKok.
More information about the Freeradius-Users
mailing list