Last night i also dreamt of sending all VSA to NAS but i was not sure what will be the outcome so thanks for the info.<br><br>I have never worked with policies but it seems to be important so i will try to learn the same.<br>
<br>Regards<br>Suman<br><br><div class="gmail_quote">On Sun, Oct 9, 2011 at 2:01 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">Stefan A. wrote:<br>
> If you read it ‚one of the ideas of having different virtual servers is<br>
> separation of policies for different NASses’ you are right.<br>
><br>
> Suman was asking on how to send several NASses into the same policy.<br>
<br>
</div> The simplest way to do it is to set *generic* policies, and then<br>
re-write them in post-auth. For example, define a "Policy-Name"<br>
attribute in the dictionary, and set it somewhere in the "authorize"<br>
section. Then:<br>
<br>
post-auth {<br>
...<br>
<br>
if ("%{client:nas_type}" == "foo") {<br>
// map policies for client foo<br>
<br>
}<br>
elsif ("%{client:nas_type}" == "bar") {<br>
// map policies for client bar<br>
}<br>
...<br>
}<br>
<br>
The underlying issue is that different NAS vendors have defined<br>
different attributes for the same functionality.<br>
<br>
An even simpler solution is to just return all of the VSAs to each<br>
NAS. As was said earlier, each NAS will ignore the ones it doesn't<br>
understand, and apply the ones it does.<br>
<font color="#888888"><br>
Alan DeKok.<br>
</font><div><div></div><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>