Freeradius Unlang Update ?

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

Freeradius Unlang Update ?

Olivier CALVANO
Hello

I have a quick question for simplicity:

Currently I use:

                update reply {
                        tunnel-Server-Endpoint: 0: = '172.16.1.1'
                        tunnel-Client-Auth-Id: 0: = "LAC-172.16.1.1"
                        tunnel-Server-Auth-Id: 0: = "LNS-172.16.1.1"
                        Tunnel-Type: = "L2TP"
                        Tunnel-Medium-Type: = "IPv4"
                        Class: = "FTTH-TLM"
                        Tunnel-Preference !* ""
                        Framed-MTU !* ""
                        Cisco-AVPair !* ""
                        MS-Primary-DNS-Server !* ""
                        MS-Secondary-DNS-Server !* ""
                        Framed-IP-Address !* ""
                        Framed-IP-Netmask !* ""
                        Service-Type !* ""
                        Framed-Protocol !* ""
                        Port-Limit !* ""
                  }


I mostly need to send ONLY the first 5 attributes.
do i have the option to delete all attributes in one command then put the 5
attributes i need?

exemple:
 update reply {
                        * !* ""
                        tunnel-Server-Endpoint: 0: = '172.16.1.1'
                        tunnel-Client-Auth-Id: 0: = "LAC-172.16.1.1"
                        tunnel-Server-Auth-Id: 0: = "LNS-172.16.1.1"
                        Tunnel-Type: = "L2TP"
                        Tunnel-Medium-Type: = "IPv4"
                        Class: = "FTTH-TLM"
  }



thank you for your suggestion

regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius Unlang Update ?

Paul Thornton-2
Hello Olivier,

On 19/11/2020 06:00, Olivier CALVANO wrote:

> I mostly need to send ONLY the first 5 attributes.
> do i have the option to delete all attributes in one command then put the 5
> attributes i need?
>
> exemple:
>   update reply {
>                          * !* ""
>                          tunnel-Server-Endpoint: 0: = '172.16.1.1'
>                          tunnel-Client-Auth-Id: 0: = "LAC-172.16.1.1"
>                          tunnel-Server-Auth-Id: 0: = "LNS-172.16.1.1"
>                          Tunnel-Type: = "L2TP"
>                          Tunnel-Medium-Type: = "IPv4"
>                          Class: = "FTTH-TLM"
>    }

I have asked the same question about a year ago - and Alan replied that
there is no way to do this.  The answer is "do not put the attributes
there if you do not want them in the reply".

I am guessing that you are replying to a session steering request, and
you want to remove everything except the tunnel information.  The way
you have it is, at the moment, the only way to do it.  I do exactly the
same.

Paul.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius Unlang Update ?

Matthew Newton-3
In reply to this post by Olivier CALVANO
On 19/11/2020 06:00, Olivier CALVANO wrote:
>                  update reply {
>                          tunnel-Server-Endpoint: 0: = '172.16.1.1'
>                          tunnel-Client-Auth-Id: 0: = "LAC-172.16.1.1"
>                          tunnel-Server-Auth-Id: 0: = "LNS-172.16.1.1"
>                          Tunnel-Type: = "L2TP"
>                          Tunnel-Medium-Type: = "IPv4"
>                          Class: = "FTTH-TLM"
>                          Tunnel-Preference !* ""
...
>
> I mostly need to send ONLY the first 5 attributes.
> do i have the option to delete all attributes in one command then put the 5
> attributes i need?

Use rlm_attr_filter, see mods-available/attr_filter. You'll need to add
a new entry for access accepts, as there isn't one by default, and add
it to post-auth. See "Post-Auth-Type REJECT", there's one in there already.

Or just don't add the attributes that you don't want to send back in the
first place. By filtering things out it will be easy to accidentally
remove something that you didn't mean to, or it will cause frustration
when you update the system in the future and can't work out why your new
attribute isn't being added.

--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html