问题
I am using (and enjoying) Freeradius v3 and I have been beating my head against something I am sure the community has already figured out.
I have a custom user attribute defined in the dictionary and included in my authorize file:
me Mygroup :="usergroup", Cleartext-Password := "password1234"
...and I am able to update the reply from the radius server by adding the following to the default site (/etc/freeradius/3.0/sites-available/default)
update reply {
Reply-Message := "additional info"
}
Running a simple radtest from the command line:
radtest me password1234 192.168.x.x 0 $secret
...gives me the following:
Sent Access-Request Id 204 from 0.0.0.0:38090 to 192.168.2.161:1812 length 77
User-Name = "me"
User-Password = "password1234"
NAS-IP-Address = 192.168.x.x
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password1234"
Received Access-Accept Id 204 from 192.168.x.x:1812 to 0.0.0.0:0 length 53
Reply-Message = "additional info"
What variable, command line switch or other should I include to get the "Mygroup" information in the "additional info" section?
I am not trying to boil an ocean, I know there are some pretty involved group/huntgroup/permission configurations for freeradius but all I need is that data in the Reply-Message.
Thanks!
回答1:
If you take a look at this question about how the users file works, you'll see that attributes with that operator, on the first line of a users file entry, get inserted into the control list.
If you want to access that attribute somewhere else, you need to add list qualifier i.e. control:Mygroup.
As you're wanting to insert the value into a string, you need to use the string interpolation syntax (referred to as xlat or string expansions in the FreeRADIUS docs). For simple attribute expansions, you just wrap the attribute name and its qualifiers in %{ and }.
So your final unlang update block would look something like:
update reply {
Reply-Message := "%{control:Mygroup}"
}
来源:https://stackoverflow.com/questions/56918015/returning-custom-user-attributes-in-the-radius-reply