dynamic lookup of list entries
Alan DeKok
aland at deployingradius.com
Fri Jan 26 16:59:35 UTC 2024
On Jan 26, 2024, at 8:47 AM, James Potter via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Here is the situation I'm trying to get working with FreeRadius, but having tried a load of variations around this I'm still stuck.
Trying random things is usually an exercise in frustration.
> I have a list of sites with specific VLANs I'd like users to end up on:
>
> sites {
> 1 {
> vlan = 234
I'm presuming you put that into the configuration files somewhere?
> I then have some clients, each with a site assigned:
>
> client cli1 {
> ipaddr = 1.2.3.4
> secret = asdfasdf
> site = 1
> }
OK, THAT SHOULD BE FINE.
> I'd now like to assign the VLAN from sites, something like:
>
> post-auth {
> update reply {
> Tunnel-Private-Group-ID = ${sites[${client.site}].vlan}
That's close, but not quite correct. The ${...} syntax is really just a macro replacement for when the server is starting up. It's not a run-time lookup.
i.e. when you want "get me client information", you're not ${client}, because that doesn't refer to *any* client.
What you want is "the current client that the packet comes from", which is %{client:...}
You also want run-time lookups for the configuration entries, which is %{config:...}
Putting out all together gets you:
Tunnel-Private-Group-ID = %{config:sites[%{client.site}].vlan}
That should work, I think.
Alan DeKok.
More information about the Freeradius-Users
mailing list