Operator to remove attributes
Gary T. Giesen
ggiesen+freeradius-users at giesen.me
Thu Oct 1 20:57:45 CEST 2015
-= works, but only if I match the exact value (which is not very useful in this case).
mysql> select * from radgroupreply WHERE groupname LIKE "DEVICE-MGMT-LNS";
+-----+-----------------+-------------------+----+---------------------------------------+
| id | groupname | attribute | op | value |
+-----+-----------------+-------------------+----+---------------------------------------+
| 229 | DEVICE-MGMT-LNS | Framed-IP-Address | -= | 10.55.0.100 |
| 230 | DEVICE-MGMT-LNS | Framed-IP-Netmask | -= | 255.255.255.255 |
| 231 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:tunnel-type=l2tp |
| 232 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:tunnel-id=dev-mgmt |
| 235 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:tunnel-password=XXXXXXXXXX |
| 238 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:vpn-vrf=XXXXXXXX |
| 239 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:ip-addresses=XXXXXXXXXXX |
+-----+-----------------+-------------------+----+---------------------------------------+
lns#test aaa group PPPOE-RADIUS-SERVERS test_mgmt_account TestAccount new-code
User successfully authenticated
USER ATTRIBUTES
tunnel-type 0 3 [l2tp]
tunnel-id 0 "dev-mgmt"
tunnel-password 0 <hidden>
vpn-vrf 0 "XXXXXXXX"
ip-addresses 0 "XXXXXXXXXXX"
Cheers,
GTG
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+ggiesen+freeradius-users=giesen.me at lists.freeradius.org] On
> Behalf Of Gary T. Giesen
> Sent: October 1, 2015 2:48 PM
> To: 'FreeRadius users mailing list'
> Subject: RE: Operator to remove attributes
>
> Doesn't seem to work:
>
> mysql> select * from radgroupreply WHERE groupname LIKE
> mysql> "DEVICE-MGMT-LNS";
> +-----+-----------------+-------------------+----+----------------------
> +-----+-----------------+-------------------+----+----
> -------------+
> | id | groupname | attribute | op | value
> |
> +-----+-----------------+-------------------+----+----------------------
> +-----+-----------------+-------------------+----+----
> -------------+
> | 229 | DEVICE-MGMT-LNS | Framed-IP-Address | !* | ANY
> |
> | 230 | DEVICE-MGMT-LNS | Framed-IP-Netmask | !* | ANY
> |
> | 231 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:tunnel-type=l2tp
> |
> | 232 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:tunnel-id=dev-
> mgmt
> |
> | 235 | DEVICE-MGMT-LNS | Cisco-AVPair | += |
> vpdn:tunnel-password=XXXXXXXXXX |
> | 238 | DEVICE-MGMT-LNS | Cisco-AVPair | += | vpdn:vpn-vrf=XXXXXXXX
> |
> | 239 | DEVICE-MGMT-LNS | Cisco-AVPair | += |
> vpdn:ip-addresses=XXXXXXXXXXX |
> +-----+-----------------+-------------------+----+----------------------
> +-----+-----------------+-------------------+----+----
> -------------+
>
> lns#test aaa group PPPOE-RADIUS-SERVERS test_mgmt_account
> TestAccount new-code User successfully authenticated
>
> USER ATTRIBUTES
>
> addr 0 10.55.0.100
> netmask 0 255.255.255.255
> addr 0 0.0.0.0
> netmask 0 0.0.0.0
> tunnel-type 0 3 [l2tp]
> tunnel-id 0 "dev-mgmt"
> tunnel-password 0 <hidden>
> vpn-vrf 0 "XXXXXXXX"
> ip-addresses 0 "XXXXXXXXXXX"
>
> It looks like it just adds a second set of attributes with values of 0.0.0.0.
>
> Cheers,
>
> GTG
>
> > -----Original Message-----
> > From: Freeradius-Users [mailto:freeradius-users-
> > bounces+ggiesen+freeradius-users=giesen.me at lists.freeradius.org] On
> > Behalf Of Arran Cudbard-Bell
> > Sent: October 1, 2015 2:33 PM
> > To: FreeRadius users mailing list
> > Subject: Re: Operator to remove attributes
> >
> >
> > > On Oct 1, 2015, at 2:24 PM, Gary T. Giesen <ggiesen+freeradius-
> > users at giesen.me> wrote:
> > >
> > > According to the docs:
> > >
> > > http://wiki.freeradius.org/config/Operators
> > >
> > > That is not allowed as a reply item.
> >
> > That document is for rlm_files only (I added a note).
> >
> > you should review man unlang for operator documentation.
> >
> > -Arran
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list