Freeradius-Users Digest, Vol 178, Issue 5
Alan DeKok
aland at deployingradius.com
Mon Feb 3 20:22:10 CET 2020
> On Feb 3, 2020, at 1:41 PM, Ted Hyde (RSI) <thyde at rndstudio.com> wrote:
>
> Greets - is there a way in unlang to test against attributes created
> after a 'files' module? Not sure if I'm asking that correctly, so
> here's what I'm trying to do:
The attributes are just in one of the lists. "control" for attributes like Cleartext-Password, or "reply" for attributes added in the reply.
> I've been testing this out with manually-typed entries in nested
> if/switch statements with success, however I would "like" to be able to
> set my own VSA in the users file (or authorize file, since this is FR3)
> and be able to test against it inside of my default virtual-server:
Sure
>>>>>>>> eg "files/authorize" (assuming "My-Allowed-SSID is in the
> dictionary correctly):
>
> myusername Cleartext-Password := "mypassword"
> My-Allowed-SSID = "test2"
Then do:
authorize {
...
files
...
if (&reply:My-Allowed-SSID == "test2") {
...
}
...
}
The power of FreeRADIUS is that the modules are entirely independent. Once a module is finished, the attributes it added are available to any other module, or to unlang.
> Is there a way of having a separate "users" file (or files/authorize)
> that is queried after eap but does double-duty of the authorized_macs
> and username/pwd? The pwd for an account that has a restricted mac
> filter will be one-to-one (one mac, one u/p, one SSID combination).
The "files" module matches on User-Name. So you can just set up one style of entry for MACs, and another for actual users.
myusername Cleartext-Password := "mypassword"
My-Allowed-SSID = "test2"
...
00:01:02:03:04:04 Cleartext-Password := "00:01:02:03:04:04"
...
Alan DeKok.
More information about the Freeradius-Users
mailing list