Attribute filtering
Alan DeKok
aland at deployingradius.com
Thu Feb 11 22:43:08 CET 2016
On Feb 11, 2016, at 3:43 PM, Alan Batie <alan at peak.org> wrote:
>
> I'm having some trouble with attribute filtering: we're preparing to
> move from router assigned ip addressing to radius pool assignment. For
> initial testing, I thought I'd just add a Pool-Name to the user check
> items for a few test accounts. That doesn't work because the
> Framed-IP-Address that tells the router to do the assignment is added in
> the group reply items, which prevents sqlippool from doing an
> assignment.
ou should be able to remove it for those test users.
> It's probably possible to do a convoluted sql statement in
> the group lookup, but that would be...convoluted. Our solution was to
> just create separate groups for these cases, but I would like to figure
> out how to do overrides like this.
sql
if (test user) {
update reply {
Framed-IP-Address !* ANY
}
update control {
Pool-Name := "pool"
}
sqlippool
}
> What I looked for was an operator to remove an attribute, but that
> doesn't seem to exist - you can only add them.
There are attribute filtering operators. See "man unlang".
> I noticed the attr_filter module, and tried that with:
>
> mods-config/attr_filter/framed_ip_address:
>
> if (&control:Pool-Nmae && &control:Pool-Name != "") {
> Framed-IP-Address !* ANY
> }
Which is "unlang" syntax. The attr_filter module takes a different formant. See the examples shipped with the server.
Alan DeKok.
More information about the Freeradius-Users
mailing list