Freeradius capable of url-redirect
Nathan McDavit-Van Fleet
nmcdavit at alcor.concordia.ca
Thu Sep 9 19:10:28 CEST 2010
I have in post-auth:
If(outer.NAS-IP-Address == x.x.x.x)
{
Cisco-AVPair += "http:url-redirect=http://www.cisco.com"
}
Since Cisco's documentation doesn't provide any information for url-redirect
aside from inside Cisco ACS, I don't know where exactly to put this code.
The only thing I know is that it's after authentication so that's where I
put it.
I've indeed seen most of the config examples in user-specific
configurations. I have seen
Cisco-AVPair += "lcp:interace-config vrf forwarding CHL-PRIVATE" in policy
as well.
-Nathan
> -----Original Message-----
> From: freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org] On Behalf Of
> Alan DeKok
> Sent: Thursday, September 09, 2010 12:57 PM
> To: FreeRadius users mailing list
> Subject: Re: Freeradius capable of url-redirect
>
> Nathan McDavit-Van Fleet wrote:
> > Okay,
> >
> > So my config is failing to even allow freeradius to initialize. I get
> the
> > following errors in my radius.log
> >
> > Thu Sep 9 11:46:11 2010 : Error:
> > /etc/raddb/sites-enabled/inner-tunnel[161]: Failed to parse "elsif"
> > subsection.
>
> So... what does that section of the file contain?
>
> > My config is
> >
> > Cisco-AVpair+="http:url-redirect=http://www.cisco.com"
>
> You have a *bit* more than one line of text in your configuration.
>
> Perhaps you could post the *context*? Like the entire "elsif"
> section
> it's complaining about?
>
> > Apparently this is not properly formatted. I found several examples
> where
> > this should be alright. I've tried with the protocol "ip" and others,
> but I
> > don't even think that the protocol matters in terms of how freeradius
> parses
> > it?
>
> You have likely read the examples wrong. The examples show specific
> configurations in specific files. If you follow the examples
> *exactly*,
> they will work. They will even work if you then edit them to change
> the
> attribute name and value.
>
> What you've done is probably to take an example intended for the
> "users" file, and put it somewhere else.
>
> Read "man unlang" for the format of the configuration files. It also
> explains how to set attributes.
>
> i.e. This *is* documented.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list