About authorizing only users with specific attributes (post RADIUS proxy)
Alan DeKok
aland at deployingradius.com
Wed Jul 26 13:42:15 CEST 2017
On Jul 26, 2017, at 3:04 AM, Seiichirou Hiraoka <seiichirou.hiraoka at gmail.com> wrote:
>
> I am building RADIUS Proxy with FreeRADIUS 3.0.4.
Please upgrade to 3.0.15...
> @mydomain.edu -> backendradius.mydomain.com
> All Other domains -> radius.otherdomain.com
That is easy to configure in proxy.conf. Set a realm for @mydomain.edu, and then a DEFAULT realm for the rest. It will just work.
> For mydomain.com only, I would like to authorize users who have a
> specific character string in the RADIUS standard attribute Filter-Id.
>
> In this case, where should we determine the value of Filter-Id in the
> RADIUS response from backendradius.mydomain.com?
In the post-auth section.
> Would you please let me know if you have any reference information,
> such as a conditional expression with unlang.
The configuration files have dozens of examples, and "man unlang" documents it.
if ((Realm == "a") && (reply:Filter-Id == "b")) {
...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list