On 7/7/09 16:16, Steven Carr wrote:
> Thanks Ivan, the following in the post-auth section of the default file
> works:
>
>> if ((!reply:Tunnel-Private-Group-ID) || (reply:Tunnel-Private-Group-ID
>> == "")) {
>> update reply {
>> Tunnel-Private-Group-ID = "666"
>> }
>> }
OK for my next part on this subject, this returns the values for all
users regardless of what they are connecting to. Is it possible to
either restrict this value to only be returned to a particular huntgroup
or to remove this value from being returned from the huntgroups that
don't need it.
We are doing 802.1x and only want the 802.1x attributes to be returned
to our cisco switches.
E.g. I have a huntgroup called ciscoswitches which has all of our
switches listed in it. In the users file I have the following
declaration to add the 802.1x attributes:
DEFAULT Huntgroup-Name == "ciscoswitches"
Service-Type = Framed-User,
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Fall-Through = Yes
The "Tunnel-Private-Group-ID" is then added from the post-auth, which is
fine for this huntgroup, but I don't want it there for the rest of them.
Thanks
Steve
--
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
