Hi folk,
I am using attribute filter on my radius proxy server to filter
attributes (Tunnel-Type, Tunnel-Medium-Type,
Trapeze-VLAN-Name=Tunnel-Private-Group-Id) received from the home server
for multiple realms (authentification and authorisation attributes are
stored in ldap database).
Let's say for realm "dr4.cnrs.fr" I would like that only VLAN1 and VLAN2
are permitted. So I activated rlm_attr_filter and my attrs file contain
this section:
Service-Type == Login-User,
Proxy-State =* ANY,
.
.
.
Tunnel-Type == VLAN,
Tunnel-Medium-Type == IEEE-802,
Trapeze-VLAN-Name == VLAN1,
Trapeze-VLAN-Name == VLAN2,
Tunnel-Private-Group-Id == VLAN1,
Tunnel-Private-Group-Id == VLAN2,
But It doesn't work unless I set those attributes to * ANY
(Trapeze-VLAN-Name =* ANY, Tunnel-Private-Group-Id = * ANY, ...)
Thanks for help and clues.
--
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4
tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
