About authorizing only users with specific attributes (post RADIUS proxy)
Seiichirou Hiraoka
seiichirou.hiraoka at gmail.com
Thu Jul 27 18:09:40 CEST 2017
Hello Alan,
thank you for your answer.
By writing in the post-auth section, it was the desired behavior.
Best regards,
2017-07-26 20:42 GMT+09:00 Alan DeKok <aland at deployingradius.com>:
> On Jul 26, 2017, at 3:04 AM, Seiichirou Hiraoka <seiichirou.hiraoka at gmail.com> wrote:
>>
>> I am building RADIUS Proxy with FreeRADIUS 3.0.4.
>
> Please upgrade to 3.0.15...
>
>> @mydomain.edu -> backendradius.mydomain.com
>> All Other domains -> radius.otherdomain.com
>
> That is easy to configure in proxy.conf. Set a realm for @mydomain.edu, and then a DEFAULT realm for the rest. It will just work.
>
>> For mydomain.com only, I would like to authorize users who have a
>> specific character string in the RADIUS standard attribute Filter-Id.
>>
>> In this case, where should we determine the value of Filter-Id in the
>> RADIUS response from backendradius.mydomain.com?
>
> In the post-auth section.
>
>> Would you please let me know if you have any reference information,
>> such as a conditional expression with unlang.
>
> The configuration files have dozens of examples, and "man unlang" documents it.
>
> if ((Realm == "a") && (reply:Filter-Id == "b")) {
> ...
> }
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list