Custom, conditional, variable in linelog
Giuseppe Civitella
gcivitella at enter.eu
Fri Feb 16 16:37:07 CET 2018
Hi all,
I use a few virtual servers to define users access to CISCO devices
against their LDAP profile.
In every virtual server I've got:
post-auth {
update {
&reply: += &session-state:
}
reply_log
exec
if
("%{ldap:ldap://127.0.0.1/USER_DN?objectClass?one?(&(dialupAccess=yes)(o=cpe_mpls_15)(cn=%{User-Name}))}")
{
update reply {
&Reply-Message += 'Custom message'
&Cisco-AVPair += 'shell:priv-lvl=15'
My-Ldap-filter := cpe_mpls_15
}
}
log_dyn_clients
In my local dictionary I defined:
ATTRIBUTE My-Ldap-filter 5000 string
I'd like to assign a value to My-Ldap-filter in every if block and
record the value in a log file.
So i defined log_dyn_clients this way:
linelog log_dyn_clients {
filename = ${logdir}/linelog-client-auth-%Y%m%d.log
permissions = 0600
reference = "messages.%{%{reply:Packet-Type}:-default}"
messages {
default = "[Unknown] unknown packet type %{Packet-Type}"
Access-Accept = "[Accept] user: %{User-Name}, client_ip:
%{Packet-Src-IP-Address}, virtual_server: %{Virtual-Server}, attr:
%{My-Ldap-filter}"
Access-Reject = "[Reject] user: %{User-Name}, client_ip:
%{Packet-Src-IP-Address}, virtual_server: %{Virtual-Server}, attr:
%{My-Ldap-filter}"
}
}
Unfortunately I'm not able to get My-Ldap-filter's value in the logs:
[Accept] user: gcivitella, client_ip: 10.200.20.79, virtual_server:
cpe_mpls_srv, attr:
[Accept] user: gcivitella, client_ip: 10.200.20.79, virtual_server:
cpe_mpls_srv, attr:
How could I get the logs I need? Any idea?
Thanks a lot,
Giuseppe
More information about the Freeradius-Users
mailing list