update reply: "Juniper-Primary-Dns"
Amir Tal
amir at ccc.co.il
Tue Jun 16 18:25:55 CEST 2015
Hi,
I am trying to set custom values for DNS servers based on some condition.
The following attributes are needed in the RADIUS reply:
Juniper-Primary-Dns
Juniper-Secondary-Dns
The following snippet was added to '/etc/raddb/sites-enabled/default':
...
if ( User-Name =~ /test2/i ) {
    if ( NAS-Port-Id =~ /147.235.4./i ) {
        update reply {
            Juniper-Primary-Dns := "109.226.x.x"
            Juniper-Secondary-Dns := "109.226.x.x"
        }
    }
}
...
When testing this, the values are added to the reply; this was confirmed by enabling "reply_log" in FreeRADIUS.
Example:
Tue Jun 16 18:54:07 2015
Packet-Type = Access-Accept
Juniper-Primary-Dns = 109.226.x.x
Juniper-Secondary-Dns = 109.226.x.x
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
ERX-Egress-Statistics := enable
ERX-Ingress-Statistics := enable
ERX-Egress-Policy-Name := "100MB"
ERX-Ingress-Policy-Name := "4mb"
Framed-MTU = 1512
Framed-Pool := "fast"
But this is not passed to the client; the NAS still overrides it with default values.
User authentication uses LDAP to store user profiles. If we add these two attributes to the user via his LDAP profile, then the change is accepted.
The condition was tested in the "authorize" and "post-auth" sections, with the same result in both cases.
Assistance would be appreciated, thanks.
Amir.
<http://www.ccc.co.il>
Amir Tal
System Administrator +972 39201471
Cloud Systems Support +972 39201442