How to configure freeradius server to authenticate VSA attribute
Jibin Han
J.Han at F5.com
Mon Mar 12 01:41:15 CET 2018
> are you checking the username AND the VSA ?
Yes, the goal is to check both username and VSA.
Here is the text from the email I just replied to:
Here are some examples of our VSA attributes:

        Type  Length    Vendor-Id  Vendor-type  Vendor-length  Value
Attr1   26    <length>  3456       100          <len>          foo
Attr2   26    <length>  3456       200          <len>          bar

The goal is that we can configure the FreeRADIUS server so that, in addition to the user/password check:
- the server reads all the VSAs;
- for any VSA whose Vendor-Id is 3456:
  - when Vendor-type is "100", the value must be "foo"; when "200", "bar".
- If all the above checks are good, it sends back an accept message; otherwise a reject message.

Our RADIUS client inserts the above into the access request message. Currently the FreeRADIUS debug output does not mention these attributes. I need to somehow configure the server, and hence I ask the question.

-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+j.han=f5.com at lists.freeradius.org> On Behalf Of Alan Buxey
Sent: Sunday, March 11, 2018 1:51 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: How to configure freeradius server to authenticate VSA attribute
this could be quite easy to do if you are ONLY expecting the VSA to be present... or are you checking the username AND the VSA ?
but your FR version is horrendously outdated - does your organisation always run software many years out of date?? :(
alan
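
The check described in the message above, as an added example that is not part of the original thread and is not FreeRADIUS configuration: a Python parser that walks the attribute bytes of an access request using the Type 26 layout from the table and applies the foo/bar rule. Assumptions: one-byte Vendor-type and Vendor-length fields, a missing, malformed or conflicting sub-attribute means reject, and all function names are made up for this example.

```python
VENDOR_ID = 3456                       # Vendor-Id from the post
EXPECTED = {100: b"foo", 200: b"bar"}  # Vendor-type -> required value, from the post

def build_vsa(vendor_id, vtype, value):
    """Encode one Type 26 attribute carrying a single sub-attribute (used for test input)."""
    sub = bytes([vtype, 2 + len(value)]) + value
    return bytes([26, 6 + len(sub)]) + vendor_id.to_bytes(4, "big") + sub

def vendor_subattrs(attrs, vendor_id):
    """Yield (vendor_type, value) for every sub-attribute of vendor_id.
    Raises ValueError when a length field does not fit its container."""
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute Length")
        body, i = attrs[i + 2:i + alen], i + alen
        if atype != 26:
            continue
        if len(body) < 4:
            raise ValueError("VSA too short for a Vendor-Id")
        if int.from_bytes(body[:4], "big") != vendor_id:
            continue  # another vendor's VSA: not ours to interpret
        j = 4
        while j < len(body):
            if j + 2 > len(body):
                raise ValueError("truncated sub-attribute header")
            vtype, vlen = body[j], body[j + 1]
            if vlen < 2 or j + vlen > len(body):
                raise ValueError("bad Vendor-length")
            yield vtype, body[j + 2:j + vlen]
            j += vlen

def vsa_check(attrs):
    """True only if each expected Vendor-type is present and every copy has the required value.
    Assumption of this example: missing or malformed attributes mean reject."""
    seen = {}
    try:
        for vtype, value in vendor_subattrs(attrs, VENDOR_ID):
            seen.setdefault(vtype, set()).add(value)
    except ValueError:
        return False
    return all(seen.get(t) == {want} for t, want in EXPECTED.items())

# Constructed sample: User-Name "bob" followed by the two VSAs from the post.
SAMPLE = bytes([1, 5]) + b"bob" + build_vsa(3456, 100, b"foo") + build_vsa(3456, 200, b"bar")
```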