Client-Shortname Attribute can only be queried, and cannot be assigned.
Alan DeKok
aland at deployingradius.com
Sun Aug 29 14:34:11 CEST 2021
On Aug 28, 2021, at 11:00 AM, Jonathan Davis <jonathan at prioritycolo.com> wrote:
> I did read a doc on networkradius.com specific to the &attribute-name operator, and don't know why I pulled them out. Funnily enough I did look for some red text in the debug, I was however throwing the & in front of also the &Pam-Auth = which I take it isn't required as you would never assgin values to a string?
The & can go there. In v4 it will be required, to make it clear that the PAM-Auth thing refers to an attribute, and not to anything else.
> I had previously tried the following which didn't work:
>
> Pam-Auth := %{Client-Shortname}
Yeah, that should be an error. I'll push a patch.
> In the logs I saw %{Client-Shortname} being passed as the string to PAM (which I understand why now).
>
> But had also tried:
>
> Pam-Auth := &Client-Shortname
That doesn't work because Client-Shortname doesn't really exist. I'll push a patch telling you what does work.
i.e. the server shouldn't *knowingly* do the wrong thing. If it sees something which is known to not work, it should complain.
> And this did not work, in the logs I saw the default "radiusd" from the mods-enabled/pam conf being passed.
>
> However, the follow does work:
>
> Pam-Auth := "%{Client-Shortname}"
Yes. that's documented as working.
Alan DeKok.
More information about the Freeradius-Users
mailing list