dynamic lookup of list entries

James Potter Jim.Potter at jisc.ac.uk
Mon Jan 29 12:22:21 UTC 2024 

Hi Alan,

OK, after a bit of tweaking I got this working:

              Tunnel-Private-Group-ID := "%{config:sites.${client.site}.remote}"
	## mix of quotes, % and $...

Here's my code for completeness:

clients.conf:

sites {
        1 {
                local = 123
                remote = 234
        }
        2 {
                local = 345
                remote = 543
        }
}

client localhost {
        ipaddr = 127.0.0.1
        proto = *
        secret = testing123
        site = 1
}

-----------

Sites-enabled/whatnot:

server eap {
	...
	post-auth {
                   update reply {
                        Tunnel-Type := VLAN
                        Tunnel-Medium-Type := IEEE-802
                        Tunnel-Private-Group-ID := "%{config:sites.${client.site}.remote}"
	    }
	}
}

Thanks,

Jim
Jisc

-----Original Message-----
From: Alan DeKok <aland at deployingradius.com> 
Sent: Friday, January 26, 2024 5:00 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Cc: James Potter <Jim.Potter at jisc.ac.uk>
Subject: Re: dynamic lookup of list entries

[You don't often get email from aland at deployingradius.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

On Jan 26, 2024, at 8:47 AM, James Potter via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Here is the situation I'm trying to get working with FreeRadius, but having tried a load of variations around this I'm still stuck.

  Trying random things is usually an exercise in frustration.

> I have a list of sites with specific VLANs I'd like users to end up on:
>
> sites {
>                1 {
>                                vlan = 234

  I'm presuming you put that into the configuration files somewhere?

> I then have some clients, each with a site assigned:
>
> client cli1 {
>                ipaddr = 1.2.3.4
>                secret = asdfasdf
>                site = 1
> }

  OK, THAT SHOULD BE FINE.

> I'd now like to assign the VLAN from sites, something like:
>
> post-auth {
> update reply {
>                               Tunnel-Private-Group-ID = ${sites[${client.site}].vlan}

  That's close, but not quite correct.  The ${...} syntax is really just a macro replacement for when the server is starting up.  It's not a run-time lookup.

  i.e. when you want "get me client information", you're not ${client}, because that doesn't refer to *any* client.

  What you want is "the current client that the packet comes from", which is %{client:...}

  You also want run-time lookups for the configuration entries, which is %{config:...}

  Putting out all together gets you:

        Tunnel-Private-Group-ID = %{config:sites[%{client.site}].vlan}

  That should work, I think.

  Alan DeKok.

More information about the Freeradius-Users mailing list