Matching in VSA

Kenroy bennettk9999 at gmail.com
Fri Apr 14 01:35:26 CEST 2017


If the device has an attribute that sends that information in its request,
you can create a policy that checks that attribute value  and the actions
you want.

Regards,
Kenroy

On Thu, Apr 13, 2017 at 7:29 PM, Noah <noah-list at enabled.com> wrote:

> Hi,
>
> Thanks for your response, Alan.  More below.
>
> On 4/13/17 12:59 PM, Alan DeKok wrote:
>
>> On Apr 13, 2017, at 3:46 PM, Noah <noah-list at enabled.com> wrote:
>>
>>> I need to be able to match a client request with a specific key.  I
>>> generally do this by matching IPs in the clients.conf file.\
>>>
>>
>>   Ok...
>>
>> Is there any way to match to a Vendor specific attribute?  For instance
>>> if the request comes in from a specific vendor-id in the request I could
>>> match based on that and a specific radius secret key is used for the radius
>>> authentication session.
>>>
>>
>>   I'm not sure what that means.
>>
>>   For FreeRADIUS, all attributes are just attributes.  It doesn't matter
>> if they're "normal" ones or VSAs.  All of the attribute matching and
>> comparison is done via standard methods.  See "man unlang".
>>
>>   if you're asking whether you can match clients based on some
>> information... the answer is "no".  Clients are matched based on IP address
>> (or network).  See raddb/clients.conf.
>>
>>   Alan DeKok.
>>
>>
> Is there any way to configure matching a request to a specific secret
> based on the device type?
>
> Cheers,
>
> Noah
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
> /users.html
>


More information about the Freeradius-Users mailing list