<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>Simple attribute question!</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Hi</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"> <FONT FACE="Calibri">I have a seemingly simple thing I need to do, however it doesn</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">’t seem to be working. In the users file I do a quick match to see if a user is in the regex list I put in (this is for overrides of an ldap group, determining higher privileges, but still basic access for the group users</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">), and then another regex checking against a certain ip range :</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">DEFAULT User-Name =~ "frank</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">d</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">sa|ever</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">ds</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">tons|kir</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">dd</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">ksa|ke</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">f</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">ls", NAS-IP-Address=~"192.168.104.*"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> Reply-Message += "Welcome %{User-Name}\n",</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> Reply-Message += "Admin access",</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> Cisco-AVPair := "shell:priv-lvl=15"</FONT></SPAN><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">This adds a couple of reply messages when the user logs in. Of course the users file is pre-auth so it doesn’t care if the ultimate request gets rejected or not based on authorization or some other check. Therefore I</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">’ve added this to the post-auth-</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">type</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">reject section of the default virtual server</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Post-Auth-Type REJECT {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> update reply {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> Reply-Message</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">:</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">= "</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">Authentication failed</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">}"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> }</FONT></SPAN><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">It may be wiser to return nothing, i.e. Reply-Message :=</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">“” for security reasons, but the point is that the reply-messages set in the users file still pass through, so I get</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Welcome (username)</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Admin Access</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Authentication Failed</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">All together. Am I doing something wrong? I also tried Reply-Message !* , but this stopped the service firing up ( version 2.10</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">–</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri"> I</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">see this was talked about being fixed in 2.8?), or</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Reply-Message -=</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">“%{reply:Reply-Message}”</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Which didn’t work either.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Any ideas?</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Thanks</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Andy</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"></SPAN></P>
</BODY>
</HTML>