On 23 Aug 2012, at 11:30, Joachim Brauer <[email protected]> wrote:
> Hi
>
> I have set up a virtual server with
>
> authenticate {
> Auth-Type MS-CHAP {
> update control {
> Proxy-To-Realm := "emea_radius_servers"
> }
> }
> }
> post-auth {
> attr_filter.boa-NX-fwruleuser
> }
> }
>
> and the attr.filter looks like
>
> # Joachim Brauer
> "[email protected]"
> cisco-avpair := "ip:inacl#0=permit ip any 10.1.0.0 255.255.255.224",
> cisco-avpair += "ip:inacl#1=permit ip any 10.2.0.0 255.255.255.224",
> cisco-avpair += "ip:inacl#2=deny ip any any"
>
>
>
>
> However when debugging I see that the 1st cisco-avpair line is processed and
> sent to the NAS and the following 2 lines are NOT sent by freeradius
> My question now: is += not allowed in attrs ? or am I doing s.th. wrong here
> ?
> Purpose is to enrich the RADIUS response with per user cisco-avpair
> values....
> freeradius version is 2.1.12 on RHEL 6.
>
You shouldn't be using the attribute filter to add attributes, that's what the
users file is there for?
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
