Sending Cisco AV Pairs per realm
Kevin Bonner
keb at pa.net
Mon Sep 17 19:43:10 CEST 2007
On Friday 14 September 2007 11:28:51 Dan Goscomb wrote:
> Hi
>
> I have a number of realms on my radius server (FreeRADIUS Version
> 1.1.6). All users are valid in both realms (one is for dialup, one for
> broadband).
>
> e.g.
> dang at dsl.realm
> dang at dial.realm
>
> All realm's are stripped so that the user (dang in the examples above)
> is authenticated. However, on dial.realm I need to return a couple of
> Cisco-Avpair attributes; how can this be done?
You may be able to use the Realm attribute in the users file to add your
specific attributes, depending on how the realms are stripped from the
username. You can also use the hints file, which you already tried.
> I have tried a hints file, however although I get the message on debug:
>
> hints: Matched DEFAULT at 17
>
> The data specifies is not sent back in the RADIUS reply.
That's because you cannot list reply attributes in the hints file, but you can
add a Hint that can be checked in the users file.
Here is a short example that should work for you using the hints file:
#hints
DEFAULT User-Name =~ "@dsl.realm"
Hint = "DSL"
#/hints
#users
DEFAULT Hint == "DSL"
Cisco-AVPair += "..."
#/users
Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070917/3c7cf522/attachment.pgp>
More information about the Freeradius-Users
mailing list