这可能看起来很简单,但是在对文档进行大量搜索之后,不幸的是,它并不清楚,因此将不胜感激任何帮助。
简而言之,我想返回一个 VSA 以响应身份验证请求。VSA 是用于虚拟路由器的瞻博网络 VSA,对于供应商 ID 4874 显示为 26-1。在 LDAP 配置中,我有以下适用于标准 RADIUS 属性的内容。
update {
control:Password-With-Header += 'userPassword'
reply:Reply-Message := 'radiusReplyMessage'
reply:Framed-IP-Address := 'radiusFramedIPAddress'
reply:Framed-IP-Netmask := 'radiusFramedIPNetmask'
reply:Framed-MTU := 'radiusFramedMTU'
#reply:Vendor_Specific[1] := 'radiusJuniperVirtualRouter'
# Where only a list is specified as the RADIUS attribute,
# the value of the LDAP attribute is parsed as a valuepair
# in the same format as the 'valuepair_attribute' (above).
control: += 'radiusControlAttribute'
request: += 'radiusRequestAttribute'
reply: += 'radiusReplyAttribute'
}
这返回
[root@ldapm01 sites-available]# radtest -x -4 -P udp testaccount2 password 127.0.0.1 1 testing123
Sent Access-Request Id 193 from 0.0.0.0:46100 to 127.0.0.1:1812 length 82
User-Name = "testaccount2"
User-Password = "password"
NAS-IP-Address = 10.0.0.17
NAS-Port = 1
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 193 from 127.0.0.1:1812 to 0.0.0.0:0 length 38
Framed-IP-Address = 10.0.0.2
Framed-IP-Netmask = 255.255.255.255
Framed-MTU = 1500
所以 FreeRADIUS 和 LDAP 正在工作。我需要解决的是
#reply:<Juniper VSA 1> := 'radiusJuniperVirtualRouter'
注意:瞻博网络的可用字典仅支持供应商 ID 2636,因此我必须创建一个新的字典文件。