On 7/7/09 16:16, Steven Carr wrote: > Thanks Ivan, the following in the post-auth section of the default file > works: > >> if ((!reply:Tunnel-Private-Group-ID) || (reply:Tunnel-Private-Group-ID >> == "")) { >> update reply { >> Tunnel-Private-Group-ID = "666" >> } >> }
OK for my next part on this subject, this returns the values for all users regardless of what they are connecting to. Is it possible to either restrict this value to only be returned to a particular huntgroup or to remove this value from being returned from the huntgroups that don't need it. We are doing 802.1x and only want the 802.1x attributes to be returned to our cisco switches. E.g. I have a huntgroup called ciscoswitches which has all of our switches listed in it. In the users file I have the following declaration to add the 802.1x attributes: DEFAULT Huntgroup-Name == "ciscoswitches" Service-Type = Framed-User, Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Fall-Through = Yes The "Tunnel-Private-Group-ID" is then added from the post-auth, which is fine for this huntgroup, but I don't want it there for the rest of them. Thanks Steve -- Steven Carr Systems Development Officer SLS/ITS/Systems - (0191) 515 3953
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html