Freeradius-Users Digest, Vol 178, Issue 5

Alan DeKok aland at
Mon Feb 3 20:22:10 CET 2020

> On Feb 3, 2020, at 1:41 PM, Ted Hyde (RSI) <thyde at> wrote:
>   Greets - is there a way in unlang to test against attributes created
>   after a 'files' module? Not sure if I'm asking that correctly, so
>   here's what I'm trying to do:

  The attributes are just in one of the lists.  "control" for attributes like Cleartext-Password, or "reply" for attributes added in the reply.

>   I've been testing this out with manually-typed entries in nested
>   if/switch statements with success, however I would "like" to be able to
>   set my own VSA in the users file (or authorize file, since this is FR3)
>   and be able to test against it inside of my default virtual-server:


>>>>>>>> eg "files/authorize" (assuming "My-Allowed-SSID is in the
>   dictionary correctly):
>   myusername  Cleartext-Password := "mypassword"
>           My-Allowed-SSID = "test2"

  Then do:

authorize {
	if (&reply:My-Allowed-SSID == "test2") {

  The power of FreeRADIUS is that the modules are entirely independent.  Once a module is finished, the attributes it added are available to any other module, or to unlang.

>   Is there a way of having a separate "users" file (or files/authorize)
>   that is queried after eap but does double-duty of the authorized_macs
>   and username/pwd? The pwd for an account that has a restricted mac
>   filter will be one-to-one (one mac, one u/p, one SSID combination).

  The "files" module matches on User-Name.  So you can just set up one style of entry for MACs, and another for actual users.

myusername  Cleartext-Password := "mypassword"
          My-Allowed-SSID = "test2"

00:01:02:03:04:04 Cleartext-Password := "00:01:02:03:04:04"

  Alan DeKok.

More information about the Freeradius-Users mailing list