Dynamic Attributes Based on NAS Type !
Alan DeKok
aland at deployingradius.com
Sun Oct 9 10:31:50 CEST 2011
Stefan A. wrote:
> If you read it ‚one of the ideas of having different virtual servers is
> separation of policies for different NASses’ you are right.
>
> Suman was asking on how to send several NASses into the same policy.
The simplest way to do it is to set *generic* policies, and then
re-write them in post-auth. For example, define a "Policy-Name"
attribute in the dictionary, and set it somewhere in the "authorize"
section. Then:
post-auth {
...
if ("%{client:nas_type}" == "foo") {
// map policies for client foo
}
elsif ("%{client:nas_type}" == "bar") {
// map policies for client bar
}
...
}
The underlying issue is that different NAS vendors have defined
different attributes for the same functionality.
An even simpler solution is to just return all of the VSAs to each
NAS. As was said earlier, each NAS will ignore the ones it doesn't
understand, and apply the ones it does.
Alan DeKok.
More information about the Freeradius-Users
mailing list