Service-Type is in the request. Ivan Kalik Kalik Informatika ISP
Dana 26/6/2008, "David Mitchell" <[EMAIL PROTECTED]> piše: >David Mitchell wrote: >> Ivan Kalik wrote: >>> Update reply with unlang: >>> >>> http://freeradius.org/radiusd/man/unlang.html >> >> Sure, but where? In the 'attrs' file? I tried adding something there and >> it complains: >> >> DEFAULT >> Service-Type := %{proxy-request:Service-Type}, >> # Service-Type == Framed-User, >> # Service-Type == Login-User, >> Login-Service == Telnet, >> >> results in >> /home/mitchell/fr/etc/raddb/attrs[104]: Parse error (reply) for entry >> DEFAULT: Expected end of line or comma >> Errors reading /home/mitchell/fr/etc/raddb/attrs >> >> Is attrs not using unlang? If not, what should I be using instead? It >> does look like unlang gives me what I want, but it's not clear where I >> can use it. > >So I'm closer. I can update things in post-auth using for example: > update reply { > Service-Type := "%{control:Service-Type}" > Reply-Message := "Go Away %{request:User-Name}" > } > >But I can't get %{Service-Type} to expand. I have no idea what happened >to the value I set earlier in the users file. It almost seems like I >should not be using the users file at all and trying to implement my >authz in post-auth using unlang? That doesn't really seem right though. > >-David > >> >> -David >> >>> Ivan Kalik >>> Kalik Informatika ISP >>> >>> >>> Dana 26/6/2008, "David Mitchell" <[EMAIL PROTECTED]> piše: >>> >>>> I should probably add that I can get the Service-Type added using the >>>> 'attrs' file in the post-proxy section. But I want to set the >>>> Service-Type based on the user and huntgroup so that users have either >>>> Administrative-User or Login-User access depending on the user and >>>> device. This doesn't seem to be possible in the attrs file. >>>> >>>> -David >>>> >>>> David Mitchell wrote: >>>>> I've having a problem getting the proper attributes set on my response >>>>> packets when using a proxy. >>>>> >>>>> If I authenticate locally with something like this in users: >>>>> username Cleartext-Password password >>>>> Service-Type = Administrative-User, >>>>> Reply-Message = "Authorized Users Only", >>>>> >>>>> it works fine. The Service-Type and Reply-Message get sent off to the >>>>> NAS and life is good. However, if I activate a NULL realm and proxy the >>>>> authentications out, it no longer works. My users file looks more like >>>>> this: >>>>> DEFAULT >>>>> Service-Type = Administrative-User, >>>>> Reply-Message = "Authorized Users Only", >>>>> >>>>> Judging from the post-proxy-detail and reply-detail logs it looks like >>>>> the proxy server is dropping all the attributes and my server doesn't >>>>> put them back? Is that correct? And is that the way it's supposed to >>>>> work? Thanks in advance, >>>>> >>>>> -David Mitchell >>>>> >>>>> >>>> -- >>>> ----------------------------------------------------------------- >>>> | David Mitchell ([EMAIL PROTECTED]) Network Engineer IV | >>>> | Tel: (303) 497-1845 National Center for | >>>> | FAX: (303) 497-1818 Atmospheric Research | >>>> ----------------------------------------------------------------- >>>> - >>>> List info/subscribe/unsubscribe? See >>>> http://www.freeradius.org/list/users.html >>>> >>>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/usershtml >> >> > > >-- >----------------------------------------------------------------- >| David Mitchell ([EMAIL PROTECTED]) Network Engineer IV | >| Tel: (303) 497-1845 National Center for | >| FAX: (303) 497-1818 Atmospheric Research | >----------------------------------------------------------------- >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
