Proxy help

Ivan Kalik tnt at kalik.net
Fri Jun 27 00:08:31 CEST 2008


Service-Type is in the request.

Ivan Kalik
Kalik Informatika ISP


Dana 26/6/2008, "David Mitchell" <mitchell at ucar.edu> piše:

>David Mitchell wrote:
>> Ivan Kalik wrote:
>>> Update reply with unlang:
>>>
>>> http://freeradius.org/radiusd/man/unlang.html
>> 
>> Sure, but where? In the 'attrs' file? I tried adding something there and
>> it complains:
>> 
>> DEFAULT
>>         Service-Type := %{proxy-request:Service-Type},
>> #       Service-Type == Framed-User,
>> #       Service-Type == Login-User,
>>         Login-Service == Telnet,
>> 
>> results in
>> /home/mitchell/fr/etc/raddb/attrs[104]: Parse error (reply) for entry
>> DEFAULT: Expected end of line or comma
>> Errors reading /home/mitchell/fr/etc/raddb/attrs
>> 
>> Is attrs not using unlang? If not, what should I be using instead? It
>> does look like unlang gives me what I want, but it's not clear where I
>> can use it.
>
>So I'm closer. I can update things in post-auth using for example:
>        update reply {
>                Service-Type := "%{control:Service-Type}"
>                Reply-Message := "Go Away %{request:User-Name}"
>        }
>
>But I can't get %{Service-Type} to expand. I have no idea what happened
>to the value I set earlier in the users file. It almost seems like I
>should not be using the users file at all and trying to implement my
>authz in post-auth using unlang? That doesn't really seem right though.
>
>-David
>
>> 
>> -David
>> 
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>> Dana 26/6/2008, "David Mitchell" <mitchell at ucar.edu> piše:
>>>
>>>> I should probably add that I can get the Service-Type added using the
>>>> 'attrs' file in the post-proxy section. But I want to set the
>>>> Service-Type based on the user and huntgroup so that users have either
>>>> Administrative-User or Login-User access depending on the user and
>>>> device. This doesn't seem to be possible in the attrs file.
>>>>
>>>> -David
>>>>
>>>> David Mitchell wrote:
>>>>> I've having a problem getting the proper attributes set on my response
>>>>> packets when using a proxy.
>>>>>
>>>>> If I authenticate locally with something like this in users:
>>>>> username Cleartext-Password password
>>>>>         Service-Type = Administrative-User,
>>>>>         Reply-Message = "Authorized Users Only",
>>>>>
>>>>> it works fine. The Service-Type and Reply-Message get sent off to the
>>>>> NAS and life is good. However, if I activate a NULL realm and proxy the
>>>>> authentications out, it no longer works. My users file looks more like this:
>>>>> DEFAULT
>>>>>         Service-Type = Administrative-User,
>>>>>         Reply-Message = "Authorized Users Only",
>>>>>
>>>>> Judging from the post-proxy-detail and reply-detail logs it looks like
>>>>> the proxy server is dropping all the attributes and my server doesn't
>>>>> put them back? Is that correct? And is that the way it's supposed to
>>>>> work? Thanks in advance,
>>>>>
>>>>> -David Mitchell
>>>>>
>>>>>
>>>> --
>>>> -----------------------------------------------------------------
>>>> | David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
>>>> | Tel: (303) 497-1845                      National Center for  |
>>>> | FAX: (303) 497-1818                      Atmospheric Research |
>>>> -----------------------------------------------------------------
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>
>>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>> 
>> 
>
>
>-- 
>-----------------------------------------------------------------
>| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
>| Tel: (303) 497-1845                      National Center for  |
>| FAX: (303) 497-1818                      Atmospheric Research |
>-----------------------------------------------------------------
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list