Client-Shortname Attribute can only be queried, and cannot be assigned.
Alan DeKok
aland at deployingradius.com
Sat Aug 28 00:08:17 CEST 2021
On Aug 27, 2021, at 5:29 PM, Jonathan Davis <jonathan at prioritycolo.com> wrote:
>
> I was scratching my head to understand why, in the authorize section of a virtual server, this worked:
>
> switch Client-Shortname {
See "man unlang". The default is for the "switch" statement to treat Client-Shortname as an attribute reference, if the attribute exists. This is for compatibility with older versions.
So you should really be using
switch &Client-Shortname {
and arguably the server should warn you about *not* including the &. I'll push a fix to highlight this.
> But this did not:
>
> update control {
> Pam-Auth := Client-Shortname
That just assigned the string "Client-Shortname" to the PAM-Auth attribute. If you want the value, you have to use:
PAM-Auth := "%{Client-Shortname}"
or tell the assignment that you're referring to an attribute:
PAM-Auth := &Client-Shortname
> And remembering my previous question, started combing through the docs on unlang, attributes, and hit on run-time variables where it says Client-Shortname is a meta-attributes that can only be queried, and cannot be assigned. Which I take it is why the second one does not work?
No, it's just an artifact of historical issues.
> I can keep going with the switch case, but I am wondering if this is the a bad solution? Can attributes or variables be set at the client level which are accessible? Should I use a dictionary option? I know I need to dig deeper, but a nudge (either towards good, or away from bad) would be appreciated.
It's fine.
Alan DeKok.
More information about the Freeradius-Users
mailing list