"+=" allowed in attrs ??
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Aug 23 12:38:39 CEST 2012
On 23 Aug 2012, at 11:30, Joachim Brauer <jbrauer at de.ibm.com> wrote:
> Hi
>
> I have set up a virtual server with
>
> authenticate {
> Auth-Type MS-CHAP {
> update control {
> Proxy-To-Realm := "emea_radius_servers"
> }
> }
> }
> post-auth {
> attr_filter.boa-NX-fwruleuser
> }
> }
>
> and the attr.filter looks like
>
> # Joachim Brauer
> "blah at blah.de"
> cisco-avpair := "ip:inacl#0=permit ip any 10.1.0.0 255.255.255.224",
> cisco-avpair += "ip:inacl#1=permit ip any 10.2.0.0 255.255.255.224",
> cisco-avpair += "ip:inacl#2=deny ip any any"
>
>
>
>
> However when debugging I see that the 1st cisco-avpair line is processed and sent to the NAS and the following 2 lines are NOT sent by freeradius
> My question now: is += not allowed in attrs ? or am I doing s.th. wrong here ?
> Purpose is to enrich the RADIUS response with per user cisco-avpair values....
> freeradius version is 2.1.12 on RHEL 6.
>
You shouldn't be using the attribute filter to add attributes, that's what the users file is there for?
-Arran
More information about the Freeradius-Users
mailing list