From: GEANT GN3 JRA3 T1 Date: Tue, 11 Sep 2012 12:37:34 +0000 (+0100) Subject: Policy for injecting operator-name X-Git-Tag: release_3_0_0_beta1~1721^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=006972b14fd173d05741fa4f094987d37d2ef243;p=thirdparty%2Ffreeradius-server.git Policy for injecting operator-name --- diff --git a/raddb/policy.d/operator-name b/raddb/policy.d/operator-name new file mode 100644 index 00000000000..047cb542d47 --- /dev/null +++ b/raddb/policy.d/operator-name @@ -0,0 +1,37 @@ +# +# The following policies are for the Operator-Name +# configuration. +# +# The policies below can be called as just 'oprator-name' (not +# oprator-name.authorize etc..) from the various config sections. +# + +# +# We assume that clients can have the operator-name definition +# in the client.conf, e.g. +# client xxxx { +# ... +# operator-name = 1your.domain +# } +# If this parameter is found for a client, then we add +# an Operator-Name attribute +# +operator-name.authorize { + if ( "%{client:operator-name}" ) { + update request { + Operator-Name = "%{client:operator-name}" + } + } +} + +# +# Before proxing the client add an Operator-Name +# attribute identifying this site if the operator-name is found for this client +# +operator-name.pre-proxy { + if (Packet-Type == Access-Request && "%{client:operator-name}") { + update proxy-request { + Operator-Name := "%{client:operator-name}" + } + } +} diff --git a/raddb/sites-available/default b/raddb/sites-available/default index ab10e0d9e49..b517aeb7355 100644 --- a/raddb/sites-available/default +++ b/raddb/sites-available/default @@ -87,6 +87,11 @@ authorize { # 'raddb/huntgroups' files. preprocess + # If you require that the Operator-Name be set + # for your local clients then uncomment the operator-name + # below and set the operator-name for your clients in clients.conf +# operator-name + # # If you want to have a log of authentication requests, # un-comment the following line, and the 'detail auth_log' @@ -589,6 +594,12 @@ post-auth { pre-proxy { # attr_rewrite + # Before proxing the request add an Operator-Name attribute identifying + # if the operator-name is found for this client. + # No need to uncomment this if you have already enabled this in + # the authorize section. +# operator-name + # Uncomment the following line if you want to change attributes # as defined in the preproxy_users file. # files