Re: Inserting and/or replacing reply attributes on a proxy request

Jarrod Sayers [EMAIL PROTECTED] wrote: Picture Cisco Aironet 1200's with multiple SSID's, all pointing back to a single instance of FreeRADIUS. The access point is relying on the RADIUS reply to determine if the user should be moved to another SSID and without it, assumes the one they

Re: Inserting and/or replacing reply attributes on a proxy request

Yep. I use attrs.pre-proxy and attrs files to do what they say on the tin. (Strip unwanted pairs pre and post proxy) then I add back in the pairs I want with rewrite rule and/or module (Module order is important here). For example this lets me strip Framed-IP-Address and then add one from

Re: Inserting and/or replacing reply attributes on a proxy request

An example would be handy :) Jarrod. On Mon, 16 Oct 2006, Peter Nixon wrote: Yep. I use attrs.pre-proxy and attrs files to do what they say on the tin. (Strip unwanted pairs pre and post proxy) then I add back in the pairs I want with rewrite rule and/or module (Module order is important

Re: Inserting and/or replacing reply attributes on a proxy request

The concept is close, but the effect I need is silently add or replace these attributes from any proxy reply. While I am slightly concerned that a realm neighbor would have the power to alter what tunnel group they land in, I am also concerned about proxy replies that come back without

Re: Inserting and/or replacing reply attributes on a proxy request

This is trivial to do on CVS head (We are using these features in production). 1.1.3 is pretty limited in this regard.. Cheers Peter On Sun 15 Oct 2006 15:23, Jarrod Sayers wrote: The concept is close, but the effect I need is silently add or replace these attributes from any proxy reply.

Re: Inserting and/or replacing reply attributes on a proxy request

Thanks Peter, any tips on how you have done this? I'll look at upgrading a development box to head today if it means I can resolve this problem. Jarrod. On 16/10/2006, at 12:45 AM, Peter Nixon wrote: This is trivial to do on CVS head (We are using these features in production). 1.1.3

Inserting and/or replacing reply attributes on a proxy request

Hi, I have a FreeRADIUS 1.1.2 box which its only job in life is to proxy requests based on realms, i.e., no local authentication is done. One of the realms is internal to the organisation (lets call that internal.org.com.au) and I trust the variables being returned, however I have no

Re: Inserting and/or replacing reply attributes on a proxy request

Seems to me that you need to know which RADIUS box you sent the proxy request to and which destinations it is allowed to return. Then, you should be able to map any responses which don't match those tuples to proxy-reject with an error indicating that the proxy returned nefarious content.