Wipe existing reply attributes in rlm_files

Brian Candler B.Candler at pobox.com
Sat Oct 2 12:05:15 CEST 2010


> Why don't you just do whatever "if()" logic before adding the attributes?

It's complicated :-)

Partly it's policy. We configure as much of this logic in users files as
possible, because they can be updated without needing to restart radiusd.

But in future it will be a necessity. The project I'm working on involves
authenticating users based on some attribute which identifies their physical
location, not their User-Name.  So decisions you might have made in the past
solely based on realm and NAS-IP (e.g. tunnel to X) have to be made after a
database lookup.

That database lookup may add reply attributes, which will be needed by the
terminating LNS, but not when tunnel switching.  So if the database
identifies the user as category X, *and* the request comes from NAS-IP Y,
then we have to strip the reply attributes and replace with tunnelling ones.

Regards,

Brian.


