Hi Hugh,
Thank you for your reply,
Please note that this user share one realm with other subscribers, and also
maybe other realms start with same user name, what I need to do is to configure
this parameter under responding realm, kindly check the below realm
configuration and how we can add additional attribute for some subscribers
which their accounts started with specific characters..
I need to include this configuration under the below handler:
<Handler Realm=/^(512|1024|2048)\.itc\.net\.sa$/>
AuthByPolicy ContinueWhileReject
AuthBy dpool
AuthBy flat
PostAuthHook file:"%D/FixedIP"
PacketTrace
</Handler>
Suppose that user name is 'pizzahu...@1024.itc.net.sa', which's share same
realm, whenever you find 'pizza*' on user name just add other additional
attribute to reply.
AddToReply cisco-avpair = ip:sub-qos-policy-in=ISP_1024_UpStream, cisco-avpair
= ip:sub-qos-policy-out=ISP_1024_DownStream, cisco-avpair =
"lcp:interface-config=description *******> PizzaHut <*******", cisco-avpair =
"lcp:interface-config=ip vrf forwarding PizzaHut", cisco-avpair =
"lcp:interface-config=ip unnumbered loopback 99"
Thank you!
Regards,
-----Original Message-----
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Thursday, January 29, 2015 1:25 AM
To: Mohammed Alhaj Ali
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Additional radius attributes for particular users on
shared realm :: how to?!!
Hello -
The answer to this depends on what else you are doing in your configuration
file.
The simplest way to do it is with Handlers (not Realms) like this:
…….
<Handler User-Name = /^xyz/>
<AuthBy ….>
…..
AddToReply cisco-avpair =
ip:sub-qos-policy-in=ISP_1024_UpStream,
cisco-avpair =
ip:sub-qos-policy-out=ISP_1024_DownStream,
cisco-avpair = "lcp:interface-config=description
*******> XYZ <*******”,
cisco-avpair = "lcp:interface-config=ip vrf forwarding
xyz”,
cisco-avpair = "lcp:interface-config=ip unnumbered
loopback 99”,
Framed-MTU = 1492,
Framed-Protocol = PPP,
Service-Type = Framed-User
</AuthBy>
</Handler>
<Handler>
<AuthBy ….>
…..
</AuthBy>
</Handler>
…..
There are many other possibilities depending on your exact requirements.
regards
Hugh
> On 29 Jan 2015, at 00:32, Mohammed Alhaj Ali <m.al...@itc.sa> wrote:
>
> Hi,
>
> I'd asking how to use AddToReply to add additional radius attributes
> for particular users on shared realm, for example if I've user name start
> with 'xyz' then reply with additional radius attribute to requested NAS, We
> already this configuration on Cisco AAA (car), and now we trying to migrate
> on radiator, below script were applied on CAR please let me know how to
> translate this to radiator configuration file.
>
>
> (tcl script)...
> if { [ string match "xyz*" $userName ] } {
> $response addProfile "PPPoEProfile-XYZ-$realm"
>
> } else {
> $response addProfile "PPPoEProfile-$realm"
>
>
> Attribute profile for any user start with 'xyz'
>
> --> ls
>
> [ //localhost/Radius/Profiles/PPPoEProfile-XYZ-1024.example.com/Attributes ]
> Cisco-AVPair = ip:sub-qos-policy-in=ISP_1024_UpStream
> Cisco-AVPair = ip:sub-qos-policy-out=ISP_1024_DownStream
> Cisco-AVPair = "lcp:interface-config=description *******> XYZ <*******"
> Cisco-AVPair = "lcp:interface-config=ip vrf forwarding xyz"
> Cisco-AVPair = "lcp:interface-config=ip unnumbered loopback 99"
> Framed-MTU = 1492
> Framed-Protocol = PPP
> Service-Type = Framed
>
>
>
>
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server anywhere.
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside,
TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX,
RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
