Juniper-Local-User-Name reply attribute
David Aldwinckle
daldwinckle at uwaterloo.ca
Mon Oct 31 16:35:15 CET 2016
Hi Alan,
>> Unfortunately, I can't trick my Juniper SRX device into accepting Cisco-AVPair attributes.
>
> That's by design. Vendor-specific attributes are specific to each vendor.
Heh. That was a joke. Not funny I guess.
> What does the full debug output say? We can make guesses from zero information. Which is why we always ask for the debug output.
The full debug contains a lot of sensitive info, which is why I only send it as a last resort, and after heavy sanitization. I understand that this can be frustrating for you and others who help out on the list. My apologies.
I fixed my problem by modifying the file mods-config/attr_filter/post-proxy and adding the line:
Juniper-Local-User-Name =* ANY
Regards,
Dave
> On Oct 27, 2016, at 3:21 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Oct 27, 2016, at 3:13 PM, Dave Aldwinckle <daldwinc at uwaterloo.ca> wrote:
>> If I change the unlang to the following, the Juniper-Local-User-Name does not appear in the Access-Accept. The rest of the debug output for entering the if statement looks identical.
>>
>> if (&myAttribute == "srx") {
>> update reply {
>> Juniper-Local-User-Name := "limited"
>> Service-Type := Login-User
>> }
>> }
>>
>> I have confirmed that the proper dictionary exists on the server:
>
> Ok...
>
>> Any ideas?
>
> What does the full debug output say? We can make guesses from zero information. Which is why we always ask for the debug output.
>
>> Unfortunately, I can't trick my Juniper SRX device into accepting Cisco-AVPair attributes.
>
> That's by design. Vendor-specific attributes are specific to each vendor.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list