54
| RADIUS Services
Amigopod 3.7
| Deployment Guide
4. Select
Enter condition expression…
from the Condition drop-down list and enter the following code
in the Expression text field:
return GetUserTraffic(86400) > 10485760 && AccessReject();
5. Click the
Add Attribute
button.
6. Click the
Save Changes
button to apply the new settings to the role.
The GetUserTraffic() function (
“GetUserTraffic()”
in the Reference chapter) returns the total traffic for the
user’s sessions in the past 24 hours (86,400 seconds). If this is greater than 10 MB (10,485,760 bytes), the
AccessReject() function causes the user’s access request to be rejected. Otherwise, the entire expression
will evaluate to false, and the user will be authorized. Note that the attribute will not be included in the
response, as the condition expression was evaluated to false.
Attribute Value Expressions
A PHP expression can also be used to calculate the value that the RADIUS server should return for a
particular attribute.
To use this feature, use one of these two possible syntaxes when entering the value for an attribute:
<?
=
expression
– The PHP expression is evaluated and used as the value for the attribute.
<?php
statement
; – The PHP statement is evaluated. To include a value for the attribute, the statement
must be a return statement; that is,
return expression;
Several predefined functions and variables are available for use in value expressions.
See
“View Display
Expression Technical Reference”
in the Reference chapter for details.
Example: Using Request Attributes in a Value Expression
In this example, the Reply-Message attribute will be modified to greet the user with their username.
1. Create a new role named
Sample role.
2. Click the
Add Attribute
tab.
3. Select the Reply-Message attribute from the drop-down list and enter the following value:
<?
= "
Hello
, " . GetAttr("user-name")
4. Select
Always
from the Condition drop-down list and click the
Add Attribute
button.
5. Click the
Save Changes
button to apply the new settings to the role.
Explanation: See
“GetAttr()”
. This function returns the value of an attribute that was supplied to the
RADIUS server with the Access-Request. Here, the User-Name attribute is retrieved. PHP’s string
concatenation operator (
.
) is used to build a greeting message, which will be used as the value of the
attribute returned to the NAS in the Access-Accept packet.
Example: Location-Specific VLAN Assignment
In this example, the value of a vendor-specific VLAN attribute will be modified based on the NAS to which
visitors are connecting.
A syntax error in the expression or statement will cause all RADIUS authorization requests to fail with an Access-
Reject. To use the RADIUS Debugger feature,
See
“Debug RADIUS Server”
in this chapter to diagnose any
problems with your code in value expressions.
Identical behavior could also be achieved using the following code in the attribute’s value:
<?php return "Hello, " . GetAttr("user-name");
Summary of Contents for Amigopod 3.7
Page 1: ...Amigopod 3 7 Deployment Guide...
Page 14: ...14 Amigopod 3 7 Deployment Guide...
Page 30: ...30 Management Overview Amigopod 3 7 Deployment Guide...
Page 108: ...108 RADIUS Services Amigopod 3 7 Deployment Guide...
Page 132: ...132 Operator Logins Amigopod 3 7 Deployment Guide...
Page 240: ...240 Guest Management Amigopod 3 7 Deployment Guide...
Page 332: ...332 Administrator Tasks Amigopod 3 7 Deployment Guide...
Page 336: ...336 Administrator Tasks Amigopod 3 7 Deployment Guide...
Page 345: ...Amigopod 3 7 Deployment Guide Hotspot Manager 345...
Page 362: ...362 High Availability Services Amigopod 3 7 Deployment Guide...