Proxy help
Ivan Kalik
tnt at kalik.net
Fri Jun 27 00:08:31 CEST 2008
Service-Type is in the request.
Ivan Kalik
Kalik Informatika ISP
Dana 26/6/2008, "David Mitchell" <mitchell at ucar.edu> piše:
>David Mitchell wrote:
>> Ivan Kalik wrote:
>>> Update reply with unlang:
>>>
>>> http://freeradius.org/radiusd/man/unlang.html
>>
>> Sure, but where? In the 'attrs' file? I tried adding something there and
>> it complains:
>>
>> DEFAULT
>> Service-Type := %{proxy-request:Service-Type},
>> # Service-Type == Framed-User,
>> # Service-Type == Login-User,
>> Login-Service == Telnet,
>>
>> results in
>> /home/mitchell/fr/etc/raddb/attrs[104]: Parse error (reply) for entry
>> DEFAULT: Expected end of line or comma
>> Errors reading /home/mitchell/fr/etc/raddb/attrs
>>
>> Is attrs not using unlang? If not, what should I be using instead? It
>> does look like unlang gives me what I want, but it's not clear where I
>> can use it.
>
>So I'm closer. I can update things in post-auth using for example:
> update reply {
> Service-Type := "%{control:Service-Type}"
> Reply-Message := "Go Away %{request:User-Name}"
> }
>
>But I can't get %{Service-Type} to expand. I have no idea what happened
>to the value I set earlier in the users file. It almost seems like I
>should not be using the users file at all and trying to implement my
>authz in post-auth using unlang? That doesn't really seem right though.
>
>-David
>
>>
>> -David
>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>> Dana 26/6/2008, "David Mitchell" <mitchell at ucar.edu> piše:
>>>
>>>> I should probably add that I can get the Service-Type added using the
>>>> 'attrs' file in the post-proxy section. But I want to set the
>>>> Service-Type based on the user and huntgroup so that users have either
>>>> Administrative-User or Login-User access depending on the user and
>>>> device. This doesn't seem to be possible in the attrs file.
>>>>
>>>> -David
>>>>
>>>> David Mitchell wrote:
>>>>> I've having a problem getting the proper attributes set on my response
>>>>> packets when using a proxy.
>>>>>
>>>>> If I authenticate locally with something like this in users:
>>>>> username Cleartext-Password password
>>>>> Service-Type = Administrative-User,
>>>>> Reply-Message = "Authorized Users Only",
>>>>>
>>>>> it works fine. The Service-Type and Reply-Message get sent off to the
>>>>> NAS and life is good. However, if I activate a NULL realm and proxy the
>>>>> authentications out, it no longer works. My users file looks more like this:
>>>>> DEFAULT
>>>>> Service-Type = Administrative-User,
>>>>> Reply-Message = "Authorized Users Only",
>>>>>
>>>>> Judging from the post-proxy-detail and reply-detail logs it looks like
>>>>> the proxy server is dropping all the attributes and my server doesn't
>>>>> put them back? Is that correct? And is that the way it's supposed to
>>>>> work? Thanks in advance,
>>>>>
>>>>> -David Mitchell
>>>>>
>>>>>
>>>> --
>>>> -----------------------------------------------------------------
>>>> | David Mitchell (mitchell at ucar.edu) Network Engineer IV |
>>>> | Tel: (303) 497-1845 National Center for |
>>>> | FAX: (303) 497-1818 Atmospheric Research |
>>>> -----------------------------------------------------------------
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>
>>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>
>>
>
>
>--
>-----------------------------------------------------------------
>| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
>| Tel: (303) 497-1845 National Center for |
>| FAX: (303) 497-1818 Atmospheric Research |
>-----------------------------------------------------------------
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list