Return additional attributes after FreeRADIUS authentication

Question

I would like to return additional attributes in the response after successfully authenticating against radius.

Consider the following:

testuser    Cleartext-Password := "testpassword"

DEFAULT
 Unix-FTP-Shell = "Test"

In sites-enabled/default...

post-auth {

update reply {
        Unix-FTP-Shell := "%{Unix-FTP-Shell}"
    }

When I do radtest testuser testpassword localhost 10 testing123 I get:

Sent Access-Request Id 231 from 0.0.0.0:20227 to 127.0.0.1:1812 length 73
        User-Name = "testuser"
        User-Password = "testpassword"
        NAS-IP-Address = 172.16.200.3
        NAS-Port = 10
        Message-Authenticator = 0x00
        Cleartext-Password = "testpassword"
Received Access-Accept Id 231 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

score 1 · Answer 1 · answered May 24 '18 at 14:58

from the manpage of unlang, Attributes can be referenced with the following syntax:

&Attribute-Name
&Attribute-Name:TAG
&Attribute-Name[NUM]
&<list>:Attribute-Name
&<list>:Attribute-Name:TAG[NUM]

you may try using:

update reply {
   &Unix-FTP-Shell = "%{Unix-FTP-Shell}"
}

If it doesn't work, you may want to run the debugging mode by stopping the service and running freeradius -X | tee /tmp/radiusdebug.log on the foreground to get all the detail possible.

Hope it helps.

Return additional attributes after FreeRADIUS authentication

1 Answers1