Matching in VSA
Kenroy
bennettk9999 at gmail.com
Fri Apr 14 01:35:26 CEST 2017
If the device has an attribute that sends that information in its request,
you can create a policy that checks that attribute value and the actions
you want.
Regards,
Kenroy
On Thu, Apr 13, 2017 at 7:29 PM, Noah <noah-list at enabled.com> wrote:
> Hi,
>
> Thanks for your response, Alan. More below.
>
> On 4/13/17 12:59 PM, Alan DeKok wrote:
>
>> On Apr 13, 2017, at 3:46 PM, Noah <noah-list at enabled.com> wrote:
>>
>>> I need to be able to match a client request with a specific key. I
>>> generally do this by matching IPs in the clients.conf file.\
>>>
>>
>> Ok...
>>
>> Is there any way to match to a Vendor specific attribute? For instance
>>> if the request comes in from a specific vendor-id in the request I could
>>> match based on that and a specific radius secret key is used for the radius
>>> authentication session.
>>>
>>
>> I'm not sure what that means.
>>
>> For FreeRADIUS, all attributes are just attributes. It doesn't matter
>> if they're "normal" ones or VSAs. All of the attribute matching and
>> comparison is done via standard methods. See "man unlang".
>>
>> if you're asking whether you can match clients based on some
>> information... the answer is "no". Clients are matched based on IP address
>> (or network). See raddb/clients.conf.
>>
>> Alan DeKok.
>>
>>
> Is there any way to configure matching a request to a specific secret
> based on the device type?
>
> Cheers,
>
> Noah
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
> /users.html
>
More information about the Freeradius-Users
mailing list