Juniper-Local-User-Name reply attribute
Dave Aldwinckle
daldwinc at uwaterloo.ca
Thu Oct 27 21:13:15 CEST 2016
Hi List,
I have the following unlang, which works:
if (&myAttribute == "srx") {
update reply {
Cisco-AVPair := "limited"
Service-Type := Login-User
}
}
The reply attributes are sent in the Access-Accept as expected:
(234) Thu Oct 27 14:56:56 2016: Debug: Sent Access-Accept Id 241 from
IP1 to IP2 length 0
(234) Thu Oct 27 14:56:56 2016: Debug: Cisco-AVPair = "limited"
(234) Thu Oct 27 14:56:56 2016: Debug: Service-Type = Login-User
If I change the unlang to the following, the Juniper-Local-User-Name
does not appear in the Access-Accept. The rest of the debug output for
entering the if statement looks identical.
if (&myAttribute == "srx") {
update reply {
Juniper-Local-User-Name := "limited"
Service-Type := Login-User
}
}
I have confirmed that the proper dictionary exists on the server:
# grep Juniper-Local-User-Name /usr/share/freeradius/dictionary.juniper
ATTRIBUTE Juniper-Local-User-Name 1 string
# radiusd -v
radiusd: FreeRADIUS Version 3.0.10, for host x86_64-redhat-linux-gnu,
built on Oct 5 2015 at 16:30:01
Any ideas?
Unfortunately, I can't trick my Juniper SRX device into accepting
Cisco-AVPair attributes.
Thanks,
Dave
More information about the Freeradius-Users
mailing list