ok. This looks easier Thx A On 8 Apr 2013, at 15:18, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 08/04/13 14:47, Alex Sharaz wrote: >> >> On 8 Apr 2013, at 14:24, a.l.m.bu...@lboro.ac.uk wrote: >> >>> Hi, >>> >>>> In post-auth I want to >>>> >>>> extract the nas-ip address and calling station-id of the client >>>> device open a db connection and perform a query that'll let me >>>> decide what vlan-id to send back in the access-accept packet >>>> write radius attributes into the access-accept reply >>> >>> one more comment...for somethign so 'trivial' I would seriously >>> consider using unlang to do this anyway eg >>> >>> update reply { Tunnel-Private-Group-ID ="%{sql:SELECT vlan from >>> authtable where NAS='%{NAS-IP-Address}' and >>> csi='%{Calling-Station-Id}'}" Tunnel-Medium-Type = IEEE-802 >>> Tunnel-Type = VLAN } >>> >>> ..or such… >>> >> looks neat, but getting the vlan associated with the switch and the >> calling station id isn't that simple. but I'll have a look anyway > > FWIW we use "unlang" and a simple stored procedure that returns a little blob: > > vlan,something,somemore > > ...which we split using a regexp in the next unlang statemenr. This is also a > handy place to check for an empty xlat result (which indicates failure of the > SQL lookup) and do logging, and possibly set "Do-Not-Respond" to allow the > other RADIUS server a chance to succeed the auth. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html