NAS in sql and returning specific VSAs
Vincent, Fabien
fabien.vincent at coreye.fr
Tue Nov 8 19:22:16 CET 2011
For the solution, I did this:
authorize {
+ update request {
+ FreeRADIUS-Client-NAS-Type = "%{sql:SELECT type FROM nas
WHERE nasname='%{Packet-Src-IP-Address}'}"
+ }
group {
LDAP_COMPANY
}
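Review bot: the lookup in the update request block matches on nasname='%{Packet-Src-IP-Address}', so it yields a type only when the nas row stores the exact source address of the packet. If a row holds a hostname or a network instead, the expansion comes back empty, FreeRADIUS-Client-NAS-Type is set to an empty string, and the request continues with nothing to show that the lookup missed. Consider testing for an empty value right after the update and logging or rejecting there. The query also runs once per request in authorize, which deserves a comment next to the line.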
And in the post-auth section, I did:
+ if ("%{FreeRADIUS-Client-NAS-Type}" == "cisco") {
+ update reply {
+ Service-Type = NAS-Prompt-User
+ cisco-avpair = "shell:priv-lvl=15"
+ }
+ }
+ elsif ("%{FreeRADIUS-Client-NAS-Type}" == "bigip-ltm") {
+ update reply {
+ F5-LTM-User-Role = Administrator
+ F5-LTM-User-Info-1 = myuserinfo
+ F5-LTM-User-Partition = Common
+ F5-LTM-User-Shell = bpsh
+ }
+ }
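Review bot: both conditions test only FreeRADIUS-Client-NAS-Type, so every user who authenticates from a cisco client receives shell:priv-lvl=15 and every user from a bigip-ltm client receives F5-LTM-User-Role = Administrator, regardless of who they are. If not every LDAP_COMPANY user should be a full administrator on these devices, add a group or user condition to each if. There is also no final else: a NAS type that matches neither string is accepted with none of these attributes, so an explicit else that logs or rejects would make that case visible.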
And this works... Thanks for your help!!!
Fabien VINCENT
Network & Security Engineer / ASSR Products
Level 3 - Infrastructure & Products
fabien.vincent at coreye.fr
-----Original Message-----
From: freeradius-users-bounces+fabien.vincent=coreye.fr at lists.freeradius.org
[mailto:freeradius-users-bounces+fabien.vincent=coreye.fr at lists.freeradius.org] On behalf of Alan Buxey
Sent: Tuesday, 8 November 2011 18:39
To: FreeRadius users mailing list
Subject: Re: NAS in sql and returning specific VSAs
Hi,
> Hi all,
>
> I just tried using
>
> if(%Client-Type == 'cisco'){
> Service-Type = NAS-Prompt-User
> cisco-avpair = "shell:priv-lvl=15"
> }
if(%Client-Type == 'cisco'){
update reply {
Service-Type = NAS-Prompt-User
cisco-avpair = "shell:priv-lvl=15"
}
}
?
alan