Last night i also dreamt of sending all VSA to NAS but i was not sure what will be the outcome so thanks for the info.
I have never worked with policies but it seems to be important so i will try to learn the same. Regards Suman On Sun, Oct 9, 2011 at 2:01 PM, Alan DeKok <[email protected]>wrote: > Stefan A. wrote: > > If you read it ‚one of the ideas of having different virtual servers is > > separation of policies for different NASses’ you are right. > > > > Suman was asking on how to send several NASses into the same policy. > > The simplest way to do it is to set *generic* policies, and then > re-write them in post-auth. For example, define a "Policy-Name" > attribute in the dictionary, and set it somewhere in the "authorize" > section. Then: > > post-auth { > ... > > if ("%{client:nas_type}" == "foo") { > // map policies for client foo > > } > elsif ("%{client:nas_type}" == "bar") { > // map policies for client bar > } > ... > } > > The underlying issue is that different NAS vendors have defined > different attributes for the same functionality. > > An even simpler solution is to just return all of the VSAs to each > NAS. As was said earlier, each NAS will ignore the ones it doesn't > understand, and apply the ones it does. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
