A few questions about radsec

work vlpl thework.vlpl at gmail.com
Tue Feb 19 09:22:30 CET 2019

On Tue, 19 Feb 2019 at 02:47, Alan DeKok <aland at deployingradius.com> wrote:
>   They're just string expansions like anything else.  But you will need to be running the code from GitHub (v3.0.x), because it's not in any release.

I am using the "latest" available version from github, currently it is
`radiusd: FreeRADIUS Version 3.0.18 (git #3e6e385),`
Maybe I need to pass some flag or configuration to compiler, to enable
access to %{listen:...} strings ?

> > authorize {
> >        %{listen:TLS-Client-Cert-Common-Name}
> >        %{listen:TLS-Client-Cert-CN}
> >        %{listen:TLS-Client-Cert-Subject}
> >        %{listen:TLS-Client-Cert-Subject-Alt-Name-Dns}
>   I'm not sure what you expect that to do, even if the expansions worked there.

These 4 lines just for debug purposes, to see that strings values are
"available" for unlang. I am planing/want to use CN or Subject Alt
Name to identify radius clients.

I am understand that  %{listen:...} is a string expansion and not an
attribute list, so I can't print in loop all values that available in
%{listen:...}.  Can I somehow print in debug mode all available values
from %{listen:..} ?

More information about the Freeradius-Users mailing list