ServerSide Attributes

Alexey Dotsenko lex at rwx.su
Tue May 28 13:11:03 CEST 2019 

Hello,

I suppose you see a message like the following:
Warning: [/etc/raddb/users]:1 Check item "My-Attr" found in reply item 
list for user "DEFAULT". This attribute MUST go on the first line with 
the other check items

This means (according to the comment in the dictionary file):
1) local attribute is supposed to be used as check (control) attribute. 
These attributes are specified in the first line of the user-item in the 
users file:
DEFAULT Hint == "SLIP"
         Framed-Protocol = SLIP

In this example, Hints - is a check item (attribute), and 
Framed-Protocol - is a reply item (attribute). If you see a warning at 
startup, it means that you used the local attribute in the replay 
context (where the Framed-Protocol in example), whereas its use is 
assumed in the check context (where the Hint in example).

2) In your case, this only works until a certain point: local attributes 
in the replay context will be processed by the server like any other, 
but will not be transferred to the client. A warning on the startup says 
about this - "why use local attributes in a replay context if you are 
not going to send them to the client? Use check context for this - it is 
for this purpose intended."

3) In general, this is not a error. If you have a very large array of 
local attributes, it is very inconvenient to use them in the context of 
a check - a very long string is obtained. In this case it is easier to 
use them in the context of a replay - it allows multi-line definition. 
But it is better to use other modules, such as ldap or sql - they do not 
have a similar problem.

On 28.05.2019 11:11, Nicolas Breuer wrote:
> Hello,
> 
> https://networkradius.com/doc/3.0.10/concepts/dictionary/creating_server_attributes.html
> 
> Following the documentation, we can create server-side attributes with
> number range 3000-4000.
> If I create a new attribute , I have a warning on the startup that I
> can't use that on a reply attribute in the user file but it's working.
> 
> Can you advise what we can do ?
> 
> Thanks
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list