This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with Mac OS X Server. It is not available on standard Mac OS X (client) installations.

For more information about the manual page format, see the manual page for manpages(5).



rlm_attr_filter(5)                            FreeRADIUS Module                           rlm_attr_filter(5)



NAME
       rlm_attr_filter - FreeRADIUS Module

DESCRIPTION
       The rlm_attr_filter module exists for filtering certain attributes and values in received ( or
       transmitted ) RADIUS packets from ( or to ) remote proxy servers.  It gives the proxier ( us ) a
       flexible framework to filter the attributes we send to or receive from these remote proxies.  This
       makes sense, for example, in an out-sourced dialup situation to enforce various policy decisions,
       such as restricting a client to certain ranges of Idle-Timeout or Session-Timeout.

       Filter  rules  are  defined  and  applied  on  a per-realm basis, where the realm is anything that is
       defined and matched based on the configuration of the rlm_realm module.

       The file that defines the attribute filtering rules follows a  similar  syntax  to  the  users  file.
       There are a few differences however:

           There are no check-items allowed other than the realm.

           There can only be a single DEFAULT entry.

       The rules for each entry are parsed from top to bottom, and an attribute must pass *all* the rules
       which affect it in order to make it past the filter.  Order of the rules is important.  The operators
       and their purpose in defining the rules are as follows:

       =      THIS OPERATOR IS NOT ALLOWED.  If used, a warning message is printed and it is treated as ==

       :=     Set, this attribute and value will always be placed in the output A/V Pairs.  If the attribute
              exists, it is overwritten.

       ==     Equal, value must match exactly.

       =*     Always Equal, allow all values for the specified attribute.

       !*     Never Equal, disallow all values for the specified attribute.  ( This is redundant, as any A/V
              Pair not explicitly permitted will be dropped ).

       !=     Not Equal, value must not match.

       >=     Greater Than or Equal

       <=     Less Than or Equal

       >      Greater Than

       <      Less Than

       If regular expressions are enabled the following operators are also possible.  ( Regular  Expressions
       are  included  by default unless your system doesn't support them, which should be rare ).  The value
       field uses standard regular expression syntax.


       =~     Regular Expression Equal

       !~     Regular Expression Not Equal

       See the default /etc/raddb/attrs for working examples of sample rule ordering and how to use the
       different operators.
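The rule semantics described above, as an added Python model (not FreeRADIUS code and not part of the original manual page): it parses a small constructed entry in attrs-file syntax and applies it to a set of A/V pairs. The realm name, the limits, the function names, single-valued attributes and integer-only ordering comparisons are assumptions of the model.

```python
import re
# Constructed sample in attrs-file syntax; realm name and limits are assumptions.
ATTRS = """
example.net
    Idle-Timeout >= 60,
    Idle-Timeout <= 600,
    Session-Timeout <= 28800,
    Reply-Message =* ANY,
    Framed-Protocol == PPP,
    Filter-Id !~ "^admin",
    Port-Limit := 1
"""
RULE = re.compile(r'\s*([\w-]+)\s*(:=|==|=\*|!\*|!=|>=|<=|=~|!~|>|<|=)\s*"?([^",]*)"?')

def parse(text):
    """Return {realm: [(attr, op, value)]}; '=' is read as '==' as the page states."""
    rules, realm = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # an unindented line starts a realm entry
            realm = line.split()[0]
            rules[realm] = []
        else:
            attr, op, val = RULE.match(line).groups()
            rules[realm].append((attr, "==" if op == "=" else op, val.strip()))
    return rules

def passes(op, have, want):
    """Evaluate one rule against one received value (both strings)."""
    if op in ("=*", "!*"):
        return op == "=*"
    if op in ("=~", "!~"):
        return (re.search(want, have) is not None) == (op == "=~")
    if op in ("==", "!="):
        return (have == want) == (op == "==")
    h, w = int(have), int(want)  # model simplification: ordering only on integers
    return {">=": h >= w, "<=": h <= w, ">": h > w, "<": h < w}[op]

def filter_pairs(rules, realm, pairs):
    """Keep a pair only if at least one rule names it and every such rule passes."""
    entry, out = rules[realm], {}
    for attr, value in pairs.items():
        checks = [(op, v) for a, op, v in entry if a == attr and op != ":="]
        if checks and all(passes(op, value, v) for op, v in checks):
            out[attr] = value
    # ':=' always places the attribute in the output, overwriting any existing value
    out.update({a: v for a, op, v in entry if op == ":="})
    return out
```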

       The main configuration item is:

       attrsfile
              This specifies the location of the file used to load the filter rules.


SECTIONS
       authorization, accounting, preproxy, postproxy


FILES
       /etc/raddb/radiusd.conf /etc/raddb/attrs


SEE ALSO
       radiusd(8), radiusd.conf(5)

AUTHOR
       Chris Parker, cparker@segv.org




                                               3 February 2004                            rlm_attr_filter(5)
