Hi -
In that case I would use a separate AuthBy FILE something like this:
…..
<AuthBy FILE>
    Identifier prefixforciscoavpair
    Filename %D/PrefixForCiscoAVPair
</AuthBy>
<Handler Realm=/^(512|1024|2048)\.itc\.net\.sa$/>
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept
        <AuthBy GROUP>
            AuthByPolicy ContinueWhileReject
            AuthBy dpool
            AuthBy flat
            PostAuthHook file:"%D/FixedIP"
            PacketTrace
        </AuthBy>
        AuthBy prefixforciscoavpair
    </AuthBy>
</Handler>
…..
The contents of the file PrefixForCiscoAVPair would look something like this:
# PrefixForCiscoAVPair
# Add reply attributes only for certain usernames
DEFAULT User-Name = /^pizza/
    AddToReply cisco-avpair = ip:sub-qos-policy-in=ISP_1024_UpStream,
    cisco-avpair = ip:sub-qos-policy-out=ISP_1024_DownStream,
    cisco-avpair = "lcp:interface-config=description *******> PizzaHut <*******",
    cisco-avpair = "lcp:interface-config=ip vrf forwarding PizzaHut",
    cisco-avpair = "lcp:interface-config=ip unnumbered loopback 99"
DEFAULT Auth-Type = Accept
hope that helps
regards
Hugh
> On 29 Jan 2015, at 23:42, Mohammed Alhaj Ali <[email protected]> wrote:
>
> Hi Hugh,
>
> Thank you for your reply,
>
> Please note that this user shares one realm with other subscribers, and
> maybe other realms also start with the same user name. What I need to do is
> configure this parameter under the responding realm. Kindly check the realm
> configuration below and how we can add additional attributes for some
> subscribers whose accounts start with specific characters.
>
>
> I need to include this configuration under the below handler:
>
> <Handler Realm=/^(512|1024|2048)\.itc\.net\.sa$/>
> AuthByPolicy ContinueWhileReject
> AuthBy dpool
> AuthBy flat
> PostAuthHook file:"%D/FixedIP"
> PacketTrace
> </Handler>
>
>
> Suppose that the user name is '[email protected]', which shares the same
> realm; whenever you find 'pizza*' in the user name, just add the other
> additional attributes to the reply.
>
> AddToReply cisco-avpair = ip:sub-qos-policy-in=ISP_1024_UpStream,
> cisco-avpair = ip:sub-qos-policy-out=ISP_1024_DownStream, cisco-avpair =
> "lcp:interface-config=description *******> PizzaHut <*******", cisco-avpair =
> "lcp:interface-config=ip vrf forwarding PizzaHut", cisco-avpair =
> "lcp:interface-config=ip unnumbered loopback 99"
>
>
>
> Thank you!
>
>
> Regards,
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[email protected]]
> Sent: Thursday, January 29, 2015 1:25 AM
> To: Mohammed Alhaj Ali
> Cc: [email protected]
> Subject: Re: [RADIATOR] Additional radius attributes for particular users on
> shared realm :: how to?!!
>
>
> Hello -
>
> The answer to this depends on what else you are doing in your configuration
> file.
>
> The simplest way to do it is with Handlers (not Realms) like this:
>
>
> …….
>
> <Handler User-Name = /^xyz/>
>     <AuthBy ….>
>         …..
>         AddToReply cisco-avpair = ip:sub-qos-policy-in=ISP_1024_UpStream,
>             cisco-avpair = ip:sub-qos-policy-out=ISP_1024_DownStream,
>             cisco-avpair = "lcp:interface-config=description *******> XYZ <*******",
>             cisco-avpair = "lcp:interface-config=ip vrf forwarding xyz",
>             cisco-avpair = "lcp:interface-config=ip unnumbered loopback 99",
>             Framed-MTU = 1492,
>             Framed-Protocol = PPP,
>             Service-Type = Framed-User
>     </AuthBy>
> </Handler>
>
> <Handler>
> <AuthBy ….>
> …..
> </AuthBy>
> </Handler>
>
> …..
>
>
> There are many other possibilities depending on your exact requirements.
>
> regards
>
> Hugh
>
>
>> On 29 Jan 2015, at 00:32, Mohammed Alhaj Ali <[email protected]> wrote:
>>
>> Hi,
>>
>> I'm asking how to use AddToReply to add additional RADIUS attributes
>> for particular users on a shared realm. For example, if a user name starts
>> with 'xyz', then reply with additional RADIUS attributes to the requested
>> NAS. We already have this configuration on Cisco AAA (CAR), and now we are
>> trying to migrate to Radiator. The script below was applied on CAR; please
>> let me know how to translate this to a Radiator configuration file.
>>
>>
>> (tcl script)...
>> if { [ string match "xyz*" $userName ] } {
>>     $response addProfile "PPPoEProfile-XYZ-$realm"
>> } else {
>>     $response addProfile "PPPoEProfile-$realm"
>> }
>>
>> Attribute profile for any user name starting with 'xyz'
>>
>> --> ls
>>
>> [ //localhost/Radius/Profiles/PPPoEProfile-XYZ-1024.example.com/Attributes ]
>> Cisco-AVPair = ip:sub-qos-policy-in=ISP_1024_UpStream
>> Cisco-AVPair = ip:sub-qos-policy-out=ISP_1024_DownStream
>> Cisco-AVPair = "lcp:interface-config=description *******> XYZ <*******"
>> Cisco-AVPair = "lcp:interface-config=ip vrf forwarding xyz"
>> Cisco-AVPair = "lcp:interface-config=ip unnumbered loopback 99"
>> Framed-MTU = 1492
>> Framed-Protocol = PPP
>> Service-Type = Framed
>>
>>
>>
>>
>> _______________________________________________
>> radiator mailing list
>> [email protected]
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> [email protected]
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
> PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
--
Hugh Irvine
[email protected]
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
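
Added example (not part of the original message, and not Radiator code): a simplified Python model of the nested AuthBy GROUP policies suggested at the top of this message, showing that the accept-all DEFAULT entry in PrefixForCiscoAVPair is reached only after dpool or flat has accepted the user. The user names and backend contents are constructed, and the policy semantics are an assumption of the model: ContinueWhileReject stops at the first accept, ContinueWhileAccept stops at the first non-accept.

```python
import re

ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed stand-ins for the "dpool" and "flat" clauses: each accepts only
# the users it knows (password checking is outside the scope of this model).
DPOOL_USERS = {"alice@1024.itc.net.sa"}
FLAT_USERS = {"pizzahut1@1024.itc.net.sa", "bob@512.itc.net.sa"}

def backend(known):
    return lambda user: (ACCEPT, []) if user in known else (REJECT, [])

PIZZA_AVPAIRS = [
    "ip:sub-qos-policy-in=ISP_1024_UpStream",
    "ip:sub-qos-policy-out=ISP_1024_DownStream",
    "lcp:interface-config=ip vrf forwarding PizzaHut",
]

def prefix_file(user):
    """Model of PrefixForCiscoAVPair: the first matching DEFAULT entry applies."""
    if re.search(r"^pizza", user):           # DEFAULT User-Name = /^pizza/
        return ACCEPT, list(PIZZA_AVPAIRS)
    return ACCEPT, []                         # DEFAULT Auth-Type = Accept

def group(policy, children):
    """Model of AuthBy GROUP: run children in order while the last result
    equals the policy's continue value, then return that last result."""
    keep_going = {"ContinueWhileAccept": ACCEPT,
                  "ContinueWhileReject": REJECT}[policy]
    def run(user):
        result, attrs = REJECT, []
        for child in children:
            result, extra = child(user)
            attrs += extra
            if result != keep_going:
                break
        return result, attrs
    return run

inner = group("ContinueWhileReject", [backend(DPOOL_USERS), backend(FLAT_USERS)])
handler = group("ContinueWhileAccept", [inner, prefix_file])

def authenticate(user):
    """Return (result, reply attributes); a rejected user gets no attributes."""
    result, attrs = handler(user)
    return result, (attrs if result == ACCEPT else [])
```

In this model a user name that merely starts with "pizza" but is unknown to both backends is rejected before the prefix file is consulted, so the ordering of the outer group is what keeps `DEFAULT Auth-Type = Accept` from acting as an open door.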