How to add an attribute to a proxy response based on the User-Name?
Alan DeKok
aland at deployingradius.com
Tue Nov 10 20:31:17 CET 2009
Sharkey, Patrick M. wrote:
> In FreeRADIUS version 1.x I was able to add a vendor specific AV pair to
> an Access-Accept message based on the User-Name. Users are **not**
> specifying a realm, therefore the FR 1.x server proxies all requests to
> another RADIUS server by virtue of the NULL stanza in the proxy.conf
> file. The post_proxy_authorize directive is set to “yes” inside
> proxy.conf, so the users file is processed twice (on request and response).
The two-time processing is gone in 2.x. The newer functionality is
better.
> How do I conditionally add an AV pair post-proxy with FreeRADIUS version
> 2.1.7?
See "man unlang". Just put something in the "post-proxy"
configuration section:
post-proxy {
...
if (User-Name == "foo") {
update reply {
Vendor-User-Group += "bar"
}
}
...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list