Ivan Kalik wrote:
> reply:Tmp-String-0
Whoops.. that's my typo.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 8/7/09 16:21, Ivan Kalik wrote:
>>> e.g. map it to Tmp-String-0, (ldap.attrmap), and then do:
>>>
>>>
>>> if (... i want to send vlan) {
>>> update reply {
>>> Tunnel-Private-Group-Id = "%{Tmp-String-0}"
>
> reply:Tmp-String-0
Pants! I was almost certain I
>>
>> e.g. map it to Tmp-String-0, (ldap.attrmap), and then do:
>>
>>
>> if (... i want to send vlan) {
>> update reply {
>> Tunnel-Private-Group-Id = "%{Tmp-String-0}"
reply:Tmp-String-0
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe?
On 8/7/09 15:07, Alan DeKok wrote:
> You can map that VLAN number to a server-side attribute. Then, copy
> it to the correct tunnel attribute when you want.
>
> e.g. map it to Tmp-String-0, (ldap.attrmap), and then do:
>
>
> if (... i want to send vlan) {
> update reply
Steven Carr wrote:
> That is the issue, I do not know what attributes we do want, only what
> we don't want.
If you don't want the attributes, it would be simplest to not add them
in the first place.
> We only want to send back the VLAN switching dot1x attributes if the
> request comes from a p
On 8/7/09 14:36, Ivan Kalik wrote:
> Well, reply attributes don't appear from nowhere - *you* configure them!
> List what you want to leave in the packet (lets say Service-Type) - rest
> will be deleted.
That is the issue, I do not know what attributes we do want, only what
we don't want.
We only
> On 8/7/09 14:19, Ivan Kalik wrote:
>> Obviously not. There is no wildcard. If you want wildcard use attribute
>> filter instead of update reply.
>
> Tried that too, but the attribute filter only seems to allow you to
> filter on items that you want to be returned, rather than filter out
> those t
On 8/7/09 14:19, Ivan Kalik wrote:
> Obviously not. There is no wildcard. If you want wildcard use attribute
> filter instead of update reply.
Tried that too, but the attribute filter only seems to allow you to
filter on items that you want to be returned, rather than filter out
those that you don
> Is it not possible to use something like...
>
> if ((!Huntgroup-Name) || (Huntgroup-Name != "ciscoswitches")) {
> update reply {
> Tunnel-Private-Group-ID -=
> Tunnel-Type -=
> Tunnel-Medium-Type -=
>
On 8/7/09 08:18, Steven Carr wrote:
> On 7/7/09 17:01, Ivan Kalik wrote:
>> Yes.
>>
>> if(((!reply:...) || (reply:... = "")) && Huntgroup-Name = "whatever")
>
> This works for those users that have the attribute set as a fallback
> measure but how do I stop it from returning the attribute when it
> On 7/7/09 17:01, Ivan Kalik wrote:
>> Yes.
>>
>> if(((!reply:...) || (reply:... = "")) && Huntgroup-Name = "whatever")
>
> This works for those users that have the attribute set as a fallback
> measure but how do I stop it from returning the attribute when it was
> retrieved from LDAP, again I on
On 7/7/09 17:01, Ivan Kalik wrote:
> Yes.
>
> if(((!reply:...) || (reply:... = "")) && Huntgroup-Name = "whatever")
This works for those users that have the attribute set as a fallback
measure but how do I stop it from returning the attribute when it was
retrieved from LDAP, again I only want thi
>> Thanks Ivan, the following in the post-auth section of the default file
>> works:
>>
>>> if ((!reply:Tunnel-Private-Group-ID) || (reply:Tunnel-Private-Group-ID
>>> == "")) {
>>> update reply {
>>> Tunnel-Private-Group-ID = "666"
>>> }
>>> }
>
>
On 7/7/09 16:16, Steven Carr wrote:
> Thanks Ivan, the following in the post-auth section of the default file
> works:
>
>> if ((!reply:Tunnel-Private-Group-ID) || (reply:Tunnel-Private-Group-ID
>> == "")) {
>> update reply {
>> Tunnel-Private-Group-ID = "66
On 7/7/09 16:04, Ivan Kalik wrote:
> OK, try:
>
> if (!reply:Tunnel-Private-Group-ID)
>
> that should cover the case when there is no ldap attribute in user
> profile. If attribute can be empty or missing you will need to OR those
> two expessions.
Thanks Ivan, the following in the post-auth sec
>>> Use unlang. Put something like this in post-auth:
>>>
>>> if(reply:Tunnel-Private-Group-ID == "") {
>>> update reply {
>>> Tunnel-Private-Group-ID = "666"
>>> }
>>> }
>>
>> I've tried this in both the default and inner-tunnel post-auth sections
>> and neither returned the va
On 7/7/09 15:48, Steven Carr wrote:
> Hi Ivan
>
> On 7/7/09 14:29, Ivan Kalik wrote:
>> Use unlang. Put something like this in post-auth:
>>
>> if(reply:Tunnel-Private-Group-ID == "") {
>> update reply {
>> Tunnel-Private-Group-ID = "666"
>> }
>> }
>
> I've tried this in both
Hi Ivan
On 7/7/09 14:29, Ivan Kalik wrote:
> Use unlang. Put something like this in post-auth:
>
> if(reply:Tunnel-Private-Group-ID == "") {
> update reply {
> Tunnel-Private-Group-ID = "666"
> }
> }
I've tried this in both the default and inner-tunnel post-auth sections
and
> I have the following line in my ldap.attrmap file to pull back a users
> VLAN assignment:
>
>> replyItemTunnel-Private-Group-ID destinationIndicator
>
> The users file contains the following:
>
>> DEFAULT Ldap-Group == "allowed-access"
>> Service-Type = Framed-User,
>> Tunnel-Type =
Hi list,
I have the following line in my ldap.attrmap file to pull back a users
VLAN assignment:
> replyItem Tunnel-Private-Group-ID destinationIndicator
The users file contains the following:
> DEFAULT Ldap-Group == "allowed-access"
> Service-Type = Framed-User,
> Tunnel-Type =
20 matches
Mail list logo