Radius reply multivalue VSA question.

Eric Martell workoutexcite at yahoo.com
Thu Oct 9 17:28:25 CEST 2008 

Hi Ivan,
  Thanks for the reply. After changing the operator += I am still seeing all the VARRAY in the reply. It should reply back only 
Sending Access-Accept of id 65 to 216.121.193.1 port 49266

        rEntitlements += "WIFILOC1"

        rAttribute1 = "11111"

        rCidx = "11111"

and not as it is happening now....

auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: login attempt by "etest300" with password "test123"
rlm_ldap: user DN: uid=test1212121
rlm_ldap: (re)connect to xxxxxxxxx:389, authentication 1
rlm_ldap: bind as uid=test1212121/test123 to xxxxxxx:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user etest300 authenticated succesfully
++[ldap1] returns ok
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 65 to 216.2.193.1 port 49266
        rEntitlements += "webhosting"
        rEntitlements += "2UP15DWN"
        rEntitlements += "5UP30DWN"
        rEntitlements += "WIFILOC1"
        rAttribute1 = "11111"
        rCidx = "11111"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 65 with timestamp +1
Ready to process requests.

Please let me know.
Thanks so much in advance.

Regards.


--- On Wed, 10/8/08, tnt at kalik.net <tnt at kalik.net> wrote:
From: tnt at kalik.net <tnt at kalik.net>
Subject: Re: Radius reply multivalue VSA question.
To: freeradius-users at lists.freeradius.org
Date: Wednesday, October 8, 2008, 7:18 PM

+=

http://wiki.freeradius.org/Operators

Ivan Kalik
Kalik Informatika ISP


Dana 8/10/2008, "Eric Martell" <workoutexcite at yahoo.com> piše:

>Hi, 
>   We are defining custom VSA's for our company. We have ldap
configured in freeradius which returns back the VSA's. 
>
>I defined custom VSA in
>$freeradius/share/freeradius/dictionary.abc
>ATTRIBUTE       rEntitlements          
113             string
>
>entitlements is multivalue attribute (vARRAY) in LDAP.
>
>In the ldap.attrmap it is defined as
>
>replyItem       rEntitlements                  
entitlements  ==
>
>
>So after the successful authentication, I am getting the rEntitlements back
as   
>
>Sending Access-Accept of id 50 to 69.74.69.31 port 1814
>        Session-Timeout = 7200
>        rEntitlements == "ADMALL"
>        rEntitlements == "STORE"
>        rEntitlements == "WEPG"
>        rEntitlements == "WADM"
>        rEntitlements == "SDNLD"
>        rEntitlements == "WIFILOC1"
>
>
>BUT I am looking for ONLY WIFILOC1 for the NAS. NAS will redirect if
WIFILOC1 exists.
>
>Can I do regex in the rEntitlements so freeradius ONLY returns 
>rEntitlements = "WIFILOC1" and ignore the rest?
>
>Please let me know.
>Thanks in advance.
>
>
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081009/284b08cc/attachment.html>

More information about the Freeradius-Users mailing list