Alternative for rlm_attr_filter for filtering vsa
Alan DeKok
aland at deployingradius.com
Tue Jan 22 15:49:21 CET 2019
On Jan 22, 2019, at 9:44 AM, Thor Spruyt <thor.spruyt at telenet.be> wrote:
>
> In the past, I used rlm_attr_filter to only allow listed attributes to be sent to a home server.
> This worked for both RFC and VSA attributes.
It should still work.
> Based on the changelog, the functionality of rlm_attr_filter changed as of version 3.0.2:
>
> FreeRADIUS 3.0.2 Fri 21 Mar 2014 08:30:00 EDT urgency=medium
> Feature improvements
> * Prevent vendor attributes and RFC space attributes from clashing
> in rlm_attr_filter.
>
> If I understand correctly, it is no longer possible to match a specific VSA.
No, the change log is saying that it *can* match VSAs. Previously, it would erroneously match VSAs to RFC attributes, and vice versa.
> And I can't seem to figure out how to do that with unlang or any other module.
>
> So is there any way to remove all attributes except for a list of allowed attributes (both RFC and VSA)?
attr_filter List the attributes you want it to keep, and it will delete the rest.
Alan DeKok.
More information about the Freeradius-Users
mailing list