Match on undefined attribute.
Matthew Schumacher
matt.s at aptalaska.net
Thu Jan 9 22:25:52 CET 2020
On 1/9/20 1:08 PM, Alan DeKok wrote:
>> On Jan 9, 2020, at 4:05 PM, Matthew Schumacher <matt.s at aptalaska.net> wrote:
>>
>> I can't seem to write a simple condition to match on a missing attribute. I just want to do this:
>>
>> if( ! &reply:Filter-Id ) {
>> update reply {
>> Vendor-Address-List := foo
>> }
>> }
>>
>>
>> However, that always returns true, even if Filter-Id isn't returned in the Access-Accept.
> What does the debug output show?
>
> That should work.
>
> Alan DeKok.
>
>
(2) # Executing section post-auth from file
/etc/freeradius/raddb/sites-enabled/server
(2) post-auth {
(2) if ( ! &reply:Filter-Id ) {
(2) if ( ! &reply:Filter-Id ) -> TRUE
(2) if ( ! &reply:Filter-Id ) {
(2) update reply {
(2) Vendor-Address-List := foo
(2) } # update reply = noop
(2) } # if ( ! &reply:Filter-Id ) = noop
(2) } # post-auth = noop
In the radius accept I see:
Received Access-Accept Id 206 from 127.0.0.1:1812 to 127.0.0.1:49494
length 71
.....
Filter-Id = "117.in"
Vendor-Address-List = "foo"
....
Anyway,
I found the problem, I am setting Filter-Id in ldap using:
update { reply:Framed-Filter-Id = radiusfilter }
And somewhere long the way radius, translates Framed-Filter-Id to
Filter-Id. Once I changed it to:
update { reply:Filter-Id = radiusfilter }
It works correctly.
I'm not sure why I originally had Framed-Filter-Id, or why radius was
translating as I don't see anything that does that in the config.
Thanks for the help,
schu
More information about the Freeradius-Users
mailing list