Using variables in unlang conditions
Alan DeKok
aland at deployingradius.com
Thu Feb 24 14:51:13 UTC 2022
On Feb 24, 2022, at 5:50 AM, Rahman Duran <rahman.duran at erzurum.edu.tr> wrote:
> I am trying to do some filtering/policing in the authorize section of the
> default virtual server. I need to check source ip matches our Wireless
> Controllers and SSID and username format etc then decide what to do with
> the request. How can I user some kind of alias/variable for our IP address
> block so I should not need to write and update IP addresses multiple places?
You can edit raddb/dictionary to define local attributes. Or, if the values don't change too often (i.e. rarely), you can out them into the configuration files themselves.
> Here sample of what I try to achieve:
>
> //////////////////////
> etu_aruba_wlc_001 = 10.10.243.0/24
> etu_aruba_wlc_002 = 10.10.244.0/24
> etu_aruba_wlc_002 = 10.10.245.0/24
You can just put that at the bottom of radiusd.conf.
Where did you put the above text? Into a configuration file? Which one? Or some other file? If so, how is the server supposed to find it?
> ### 001: Test Wifi Service ###
> *if ((&Packet-Src-IP-Address < ${etu_aruba_wlc_001}) \*
Then that will work.
There are many examples of this.
> Well using variables (${...}) in conditions not working, Freeradius
> daemon not starting with parse error:
>
> /etc/freeradius/3.0/sites-enabled/default[40]:
> ((&Packet-Src-IP-Address < *${etu_aruba_wlc_001})
> * && (&NAS-Port-Type == "Wireless-80...
> /etc/freeradius/3.0/sites-enabled/default[40]: ^
> Failed to parse value for attribute
Because you didn't define "etu_aruba_wlc_001" anywhere.
There are many examples of using variables defined in configuration files. It works. You just have to define the variables in the configuration files...
Alan DeKok.
More information about the Freeradius-Users
mailing list