How to configure freeradius server to authenticate VSA attribute

Jibin Han J.Han at F5.com
Mon Mar 12 01:41:15 CET 2018


> are you checking the username AND the VSA ?
Yes, the goal is to check both username and VSA.

Here is from the email I just replied:

Here are some examples of our VSA attributes:

        Type   Length     Vendor-Id   Vendor-type   Vendor-length   Value
Attr1   26     <length>   3456        100           <len>           foo
Attr2   26     <length>   3456        200           <len>           bar

The goal is we can configure Freeradius server so that in addition to user/password check:
- server reads all the VSA;
- for any VSA whose Vendor-Id is 3456,
- when Vendor-type is "100", the value must be "foo"; "200", "bar".
- If all above checks are good, sends back accept message; otherwise reject message.

Our RADIUS client inserts the above into the access request message; currently the freeradius debug output does not mention these attributes. I need to somehow configure the server, and hence ask the question.


-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+j.han=f5.com at lists.freeradius.org> On Behalf Of Alan Buxey
Sent: Sunday, March 11, 2018 1:51 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: How to configure freeradius server to authenticate VSA attribute

this could be quite easy to do if you are ONLY expecting the VSA to be present... or are you checking the username AND the VSA ?

but your FR version is horrendously outdated - does your organisation always run software many years out of date??  :(

alan
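
Added example, not part of either message and not FreeRADIUS code: a Python sketch that decodes the Type 26 layout from the table above (RFC 2865 Vendor-Specific encoding) and applies the stated rule for Vendor-Id 3456. It takes the attribute portion of an Access-Request (the bytes after the 20-octet header); the function names and the sample bytes are constructed here, and treating a missing or malformed attribute as a reject is an assumption.

```python
import struct

VENDOR_ID = 3456                        # Vendor-Id used in the post's examples
REQUIRED = {100: b"foo", 200: b"bar"}   # Vendor-type -> required value (from the post)

def tlvs(buf):
    """Split 1-octet type / 1-octet length / value records (length counts the header)."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute")
        typ, length = buf[pos], buf[pos + 1]
        yield typ, buf[pos + 2:pos + length]
        pos += length

def parse_vsas(attrs):
    """Return (vendor_id, vendor_type, value) for each sub-attribute in a Type 26 VSA."""
    out = []
    for typ, body in tlvs(attrs):
        if typ != 26:
            continue
        if len(body) < 4:
            raise ValueError("VSA shorter than its Vendor-Id")
        (vendor_id,) = struct.unpack("!I", body[:4])
        out += [(vendor_id, vt, val) for vt, val in tlvs(body[4:])]
    return out

def vsa_check(attrs):
    """True only if Vendor-types 100 and 200 are both present with the required values."""
    # Assumption: a missing or malformed attribute counts as a reject.
    try:
        vsas = parse_vsas(attrs)
    except ValueError:
        return False
    seen = set()
    for vendor_id, vtype, value in vsas:
        if vendor_id == VENDOR_ID and vtype in REQUIRED:
            if value != REQUIRED[vtype]:
                return False
            seen.add(vtype)
    return seen == set(REQUIRED)

def vsa(vendor_id, vtype, value):
    """Encode one VSA in the layout shown in the post's table."""
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample: User-Name "bob" followed by the two VSAs from the post.
SAMPLE = b"\x01\x05bob" + vsa(VENDOR_ID, 100, b"foo") + vsa(VENDOR_ID, 200, b"bar")
```

Running `parse_vsas` over the attribute bytes of a captured request shows whether the client is actually sending the two attributes in this layout, independently of what the server's debug output prints.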