<div>Hi</div>
<div>To proceed with unlang, how can I ensure that the Access-Request contains specific IEs?</div>
<div>For example: </div>
<ul>
<li>&lt;IMEI Field&gt; : 1234567890123</li>
<li>&lt;Hardware Id&gt; : AC12BD54FS56TRZS506</li>
<li>etc.. </li></ul>
<div>Also, is there any limitation on the number and size of parameters that can be contained in any Access-Request?</div>
<div>I wish to compare these field values to my database and if not present in Request, directly process Reject.</div>
<div> </div>
<div>Br, Navodit</div>
<div> </div>
<div> </div>
<div class="gmail_quote">On Thu, Jul 18, 2013 at 10:04 PM, Matt Zagrabelny <span dir="ltr">&lt;<a href="mailto:mzagrabe@d.umn.edu" target="_blank">mzagrabe@d.umn.edu</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div class="im">On Thu, Jul 18, 2013 at 10:46 AM, Alan DeKok &lt;<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>&gt; wrote:<br>> Navodit Bhardwaj wrote:<br>>> For each Access-Request received and authenticated successfully I want<br>
>> to do following:<br>>><br>>> 1. Verify if Access-Request contains a parameter i.e IMEI of mobile<br>>> 2. If Not, send Access-Reject. Else,<br>>> 3. compare IMEI to value in database and assign a 32bit hex number in<br>
>> Access-Accept<br>><br>> You should be able to just write this in unlang. Write down which<br>> attributes you have, and what values you're looking for. Then, write<br>> the logic.<br><br></div>
Navodit,<br><br>I just asked a similar question and this is the logic I added to my<br>default site, right after 'preprocess':<br><br>if (CVPN3000-Tunnel-Group-Name == 'Bookstore') {<br> if (SQL-Group == 'RADIUS:bookstore') {<br>
noop<br> }<br> else {<br> reject<br> }<br>}<br><br>What the above logic "says" is:<br><br>If the user is requesting to be in the Bookstore VPN group then if<br>they are part of the RADIUS:bookstore group, continue (noop), else<br>
reject them.<br><br>You'll need to change 'CVPN3000-Tunnel-Group-Name' and 'Bookstore',<br>and remove the second 'if' statement.<br>
<div class="im"><br>>> Basically, I am doing a second authentication after initial<br>>> authentication (PAP, CHAP) is successful.<br>><br>> Don't do that. Do it *before* PAP or CHAP. In the "authorize" section.<br>
<br></div>Alan,<br><br>I've got a similar question that dovetails into this discussion.<br>Suppose I wanted to reject certain users and wanted the Reply-Message<br>to be customized per user authenticating, but I want to ensure that I<br>
am not leaking the customized message. Is there a way to test the<br>user/pw combo first and *then* perform unlang logic?<br><br>Thanks,<br><br>-mz<br>
</blockquote></div><br><br clear="all">
<br>-- <br>br,<br>Navodit Bhardwaj<br>Hughes Systique Corporation<br>
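<div>An added example, not part of the thread and not the FreeRADIUS project's own configuration: the presence check, database comparison and reply assignment discussed above, placed in the "authorize" section ahead of PAP/CHAP. Example-IMEI, Example-Hardware-Id and Example-Session-Token are placeholder attributes assumed to be defined in the local dictionary, and the "devices" table with its columns is hypothetical.</div>

```unlang
# Added example for the authorize section of the default virtual server.
# Assumptions (not from the thread): Example-IMEI and Example-Hardware-Id are
# placeholder request attributes, Example-Session-Token is a placeholder reply
# attribute, and "devices" is a hypothetical SQL table with imei, hardware_id
# and token columns. The sql module must be enabled.
authorize {
    preprocess

    # Steps 1-2: reject when either identifier is absent or empty.
    if ("%{Example-IMEI}" == "") {
        reject
    }
    if ("%{Example-Hardware-Id}" == "") {
        reject
    }

    # Step 3: look the device up. The sql module escapes attribute values
    # expanded inside the query, so the identifiers are not pasted in raw.
    update control {
        Tmp-String-0 := "%{sql:SELECT token FROM devices WHERE imei = '%{Example-IMEI}' AND hardware_id = '%{Example-Hardware-Id}'}"
    }

    # No matching row means an unknown device: reject before any password check.
    if ("%{control:Tmp-String-0}" == "") {
        reject
    }

    # Known device: queue its value for the Access-Accept.
    update reply {
        Example-Session-Token := "%{control:Tmp-String-0}"
    }

    # PAP/CHAP handling continues as in the stock configuration.
    chap
    pap
}
```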