Matching in VSA

Noah noah-list at enabled.com
Fri Apr 14 02:49:11 CEST 2017


Kenroy - are there any examples out there of this?

Cheers,

Noah


On 4/13/17 4:35 PM, Kenroy wrote:
> If the device has an attribute that sends that information in its request,
> you can create a policy that checks that attribute value  and the actions
> you want.
>
> Regards,
> Kenroy
>
> On Thu, Apr 13, 2017 at 7:29 PM, Noah <noah-list at enabled.com> wrote:
>
>> Hi,
>>
>> Thanks for your response, Alan.  More below.
>>
>> On 4/13/17 12:59 PM, Alan DeKok wrote:
>>
>>> On Apr 13, 2017, at 3:46 PM, Noah <noah-list at enabled.com> wrote:
>>>
>>>> I need to be able to match a client request with a specific key.  I
>>>> generally do this by matching IPs in the clients.conf file.\
>>>>
>>>
>>>   Ok...
>>>
>>> Is there any way to match to a Vendor specific attribute?  For instance
>>>> if the request comes in from a specific vendor-id in the request I could
>>>> match based on that and a specific radius secret key is used for the radius
>>>> authentication session.
>>>>
>>>
>>>   I'm not sure what that means.
>>>
>>>   For FreeRADIUS, all attributes are just attributes.  It doesn't matter
>>> if they're "normal" ones or VSAs.  All of the attribute matching and
>>> comparison is done via standard methods.  See "man unlang".
>>>
>>>   if you're asking whether you can match clients based on some
>>> information... the answer is "no".  Clients are matched based on IP address
>>> (or network).  See raddb/clients.conf.
>>>
>>>   Alan DeKok.
>>>
>>>
>> Is there any way to configure matching a request to a specific secret
>> based on the device type?
>>
>> Cheers,
>>
>> Noah
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
>> /users.html
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list