Removing reply attributes
Paul Thornton
paul at prt.org
Mon Oct 7 18:46:09 CEST 2019
Hi folks,
A quick unlang question - is there a way to remove all reply attributes
and start again from scratch?
I have some logic similar to the following in the post-auth section
(I've simplified it somewhat for this post) - we've authenticated a
user, but we also know that this is actually a session steering request
from an upstream provider. They don't need or care about the end user's
reply attributes (IP address, service type, etc) - all they want is a
handful of tunnel attributes to deliver it back to us for a second
authentication (from our own router this time, which does care about
such niceties as IP addresses).
if ( (&request:Client-IP-Address =~ /^192\.168\.1\.5/) ) {
update reply {
# Remove existing reply attributes -
they don't care about them.
Framed-IP-Address !* ANY
Framed-MTU !* ANY
Framed-Protocol !* ANY
Framed-Compression !* ANY
Cisco-AVPair !* ANY
# Tunnel information
Tunnel-Type:0 = L2TP
Tunnel-Medium-Type:0 = IPv4
Tunnel-Server-Endpoint:0 = 192.168.2.2
Tunnel-Client-Auth-Id:0 = 'something'
Tunnel-Password:0 = 'something-else'
}
}
Is there a more elegant way to remove the reply attributes?
Thanks,
Paul.
More information about the Freeradius-Users
mailing list