Re: proxy reply attributes
hi, On Fri, 2005-04-22 at 12:46 -0400, Alan DeKok wrote: Tiago Fernandes [EMAIL PROTECTED] wrote: pre-proxy { ... pre_proxy_filter That filters attributes BEFORE the packet is sent to the home server. so with this config, i say that any attributes Tunnel-* in proxy replies packets are removed (i suppose). Don't suppose. Read the debugging output of the server. Is this config right ? What can be the problem ?? Any idea's ?? The config is wrong for what you say you want to do. The debug output of the server would tell you this. right. So what i want is to tell home server to remove some attributes from a reply, if that reply is going to be sent to a specific proxy server. How can i do this ?? can't find any config to do this in radiusd.conf or other file... To debug problems like this, run it in debugging mode, and read the output. All of it. done Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html signature.asc Description: This is a digitally signed message part
Re: proxy reply attributes
hi. i have configured radius.conf with these lines: modules { ... attr_filter pre_proxy_filter{ attrsfile = ${confdir}/attrs_out } ... } pre-proxy { ... pre_proxy_filter ... } config of the file attrs_out: DEFAULT Tunnel-Type !* ANY, Tunnel-Medium-Type !* ANY, Tunnel-Private-Group-ID !* ANY so with this config, i say that any attributes Tunnel-* in proxy replies packets are removed (i suppose). the problem is that freeradius isn't removing any of these attributes. Is this config right ? What can be the problem ?? Any idea's ?? thanks, Tiago Fernandes On Thu, 2005-04-14 at 12:54 -0400, Alan DeKok wrote: Tiago Fernandes [EMAIL PROTECTED] wrote: what i want to know, is if it's possible to configure the freeradius in que proxied servers to only send necessary attributes in replies, even if que attr_filter is configured in the server that is going do send back only allowed attributes. That's what attr_filter does. Use it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html signature.asc Description: This is a digitally signed message part
Re: proxy reply attributes
Tiago Fernandes [EMAIL PROTECTED] wrote: pre-proxy { ... pre_proxy_filter That filters attributes BEFORE the packet is sent to the home server. so with this config, i say that any attributes Tunnel-* in proxy replies packets are removed (i suppose). Don't suppose. Read the debugging output of the server. Is this config right ? What can be the problem ?? Any idea's ?? The config is wrong for what you say you want to do. The debug output of the server would tell you this. To debug problems like this, run it in debugging mode, and read the output. All of it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: proxy reply attributes
On Wed, 2005-04-13 at 12:51 -0400, Alan DeKok wrote: Tiago Fernandes [EMAIL PROTECTED] wrote: I know that it's possible in freeradius to set attributes to a default value when a local freeradius is proxying an auth request (attr_filter). Ok... But what i want to do, is to prevent those attributes from getting out in the proxy reply (like vlan attribute), when a local freeradius A is contacted by an external freeradius B. Have you tried attr_filter? yes... attr_filter comment in radiusd.conf: # attr_filter - filters the attributes received in replies from # proxied servers, to make sure we send back to our RADIUS client # only allowed attributes. so attr_filter work's only for attributes that are received in replies from proxied servers. what i want to know, is if it's possible to configure the freeradius in que proxied servers to only send necessary attributes in replies, even if que attr_filter is configured in the server that is going do send back only allowed attributes. Alan DeKok. thank's Tiago Fernandes signature.asc Description: This is a digitally signed message part
Re: proxy reply attributes
Tiago Fernandes [EMAIL PROTECTED] wrote: what i want to know, is if it's possible to configure the freeradius in que proxied servers to only send necessary attributes in replies, even if que attr_filter is configured in the server that is going do send back only allowed attributes. That's what attr_filter does. Use it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxy reply attributes
hi, I know that it's possible in freeradius to set attributes to a default value when a local freeradius is proxying an auth request (attr_filter). But what i want to do, is to prevent those attributes from getting out in the proxy reply (like vlan attribute), when a local freeradius A is contacted by an external freeradius B. Is it possible to do this in freeradius config ?? thanks, Tiago Fernandes signature.asc Description: This is a digitally signed message part