freeradius: fallback to default vlan whem proxying to federez

This commit is contained in:
jeltz 2023-07-02 21:26:02 +02:00
parent ddd8c6dcc0
commit 2f4c6a53d8
Signed by: jeltz
GPG key ID: 800882B66C0C3326
3 changed files with 15 additions and 13 deletions

View file

@ -18,7 +18,7 @@ linelog linelog_inner_postauth {
reference = {{ 'messages.%{%{reply:Packet-Type}:-default}' | enquote }}
messages {
Access-Accept = {{ '${...linelog_inner_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id})' | enquote }}
Access-Accept = {{ '${...linelog_inner_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id:-unknown})' | enquote }}
Access-Reject = {{ '${...linelog_inner_prefix} rejected "%{jsonquote:%{User-Name}}" (%{%{Module-Failure-Message}:-unknown})' | enquote }}
default = {{ '${...linelog_inner_prefix} unknown packet type %{Packet-Type}' | enquote }}
}
@ -47,7 +47,7 @@ linelog linelog_outer_postauth {
reference = {{ 'messages.%{%{reply:Packet-Type}:-default}' | enquote }}
messages {
Access-Accept = {{ '${...linelog_outer_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id})' | enquote }}
Access-Accept = {{ '${...linelog_outer_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id:-unknown})' | enquote }}
Access-Reject = {{ '${...linelog_outer_prefix} rejected "%{jsonquote:%{User-Name}}" (%{%{Module-Failure-Message}:-unknown})' | enquote }}
default = {{ '${...linelog_outer_prefix} unknown packet type %{Packet-Type}' | enquote }}
}

View file

@ -38,18 +38,10 @@ server inner-aurore {
}
post-auth {
update outer.session-state {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
}
if (&reply:Tunnel-Private-Group-ID) {
update outer.session-state {
Tunnel-Private-Group-ID := &reply:Tunnel-Private-Group-ID
}
} else {
update outer.session-state {
Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
}
}
linelog_inner_postauth
Post-Auth-Type reject {

View file

@ -55,11 +55,21 @@ server outer-aurore {
&& &request:User-Name \
&& (&reply:User-Name == &request:User-Name)) {
update reply {
&User-Name !* ANY
User-Name !* ANY
}
}
update {
reply: += &session-state:
update reply {
Tunnel-Medium-Type := IEEE-802
Tunnel-Type := VLAN
}
if (&session-state:Tunnel-Private-Group-ID) {
update reply {
Tunnel-Private-Group-ID := &session-state:Tunnel-Private-Group-ID
}
} else {
update reply {
Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
}
}
Post-Auth-Type reject {
attr_filter.access_reject