Hi there,
I am about to test some scripting on GEE. I have created a script and tried to run scriptcheck, but got 'not licensed for Javascript'. Is this a separate plugin that I need? I'm hoping someone isn't going to tell me it costs a fortune, as we have already shelled out a fair bit of dosh for GEE.
Hopefully someone can tell me I simply need to run a file and it'll magically work.
Here's hoping....
Cheers
Andrew
Javascripting for SBR is a separate license. I do not know the cost, but I would recommend contacting your Account rep.
What are you attempting to perform with your Javascript scripting?
SBR AAA requirement:-
I want to assign VLAN attributes to AAA auth requests:-
Scenario:-
1 customer at numerous sites but each site's VLAN could be different
multiple customers at 1 site, each requiring their own VLAN
multiple customers at multiple sites with each customer requiring their own unique VLAN per site
example:-
Site1
User - *@customer1.com
VLAN to be assigned is 100
User - *@customer2.com
VLAN to be assigned is 200
We can identify the site by its NAS IP Address = 1.1.1.1
Site2
User - *@customer1.com
VLAN to be assigned is 300
User - *@customer2.com
VLAN to be assigned is 400
We can identify the site by its NAS IP Address = 2.2.2.2
I'm guessing the script would look something like this, but this scripting is new to me so be gentle :)
[Settings]
LogLevel=2
ScriptTraceLevel=2
[Script]
SbrWriteToLog("Script VLANAssign initialised");
var nasip = filter.Get("NAS-IP-Address");
var username = filter.Get("User-Name");
var vlan = null;
SbrWriteToLog("NAS IP is '" + nasip + "'");
// "*@customerN.com" is not a pattern to ==, so test the realm suffix instead
var isCustomer1 = /@customer1\.com$/.test(username);
var isCustomer2 = /@customer2\.com$/.test(username);
if (nasip == "1.1.1.1") { // site1
    if (isCustomer1) {
        vlan = "100";
    } else if (isCustomer2) {
        vlan = "200";
    }
} else if (nasip == "2.2.2.2") { // site2
    if (isCustomer1) {
        vlan = "300";
    } else if (isCustomer2) {
        vlan = "400";
    }
}
// Only add the attribute when a site/customer rule matched
if (vlan != null) {
    filter.Add("Tunnel-Private-Group-ID", vlan);
}
return SCRIPT_RET_SUCCESS;
I've got a license to run scripting now, and checked my script with scriptcheck, however the script doesn't run for some reason. I assume I need to include the script name in an ini file somewhere, and the only reference I have found is on .pro files, but this AAA will not act as a proxy. Does it need to go in the radius.ini file or something?
Any help would be appreciated.
SBR scripts are contained in JavaScript initialization (.jsi) files.
Script settings for the LDAP authentication plug-in are embedded directly in the ldapauth.aut file.
For scripted realm selection, use the script setting in proxy.ini to declare the name of a JavaScript initialization (.jsi) file.
You declare filters by name using the Filters panel of SBR Administrator and declare the name of a JavaScript initialization (.jsi) file containing the script code for the filter.
Thanks
Hi Ashish,
I got this working eventually, and I'll post the answer so that anyone else struggling with this doesn't go through the pain I did.
Basically I got a lot of help from Craig (advanced tech support), and the following achieves my goal.
Create a 'dummy' LDAP auth file, name it anything like LDAP-script.aut, and place this file in the services folder.
The contents of the file look like this:-
[Bootstrap]
LibraryName=ldapauth.dll
Enable=1
InitializationString=LDAP-Script
[Settings]
MaxConcurrent=1
Timeout=20
ConnectTimeout=25
QueryTimeout=10
WaitReconnect=2
MaxWaitReconnect=360
;BindName=uid=<User-Name>, ou=sales, o=bigco.com
LogLevel = 2
UpperCaseName = 0
PasswordCase=original
PasswordFormat = 0
SSL = 0
MaxScriptSteps = 10000
ScriptTraceLevel = 2
;FilterSpecialCharacterHandling = 0
;ShutdownTimeout = 1
DelayConnect=1
[Server]
s1=
[Server/s1]
Host=127.0.0.1
Port = 389
;BindName=uid=admin, ou=sales, o=bigco.com
;BindPassword=secret
[Failure]
;Accept=0
;Profile=xyz
;FullName=Remote User
[Request]
%UserName = username
;Service-Type =
;%NASName = nameofnas
%NASAddress = nasip
[Response]
;Filter-Id =
;Session-Timeout =
;%FullName =
;%Password =
Tunnel-Private-Group-ID=myvlan
[Search/bogus]
Base = o=bogus
filter = uid=<username>
Scope = 2
[ScriptTrace]
attr = myvlan
attr = nasip
attr = username
[Script]
SbrWriteToLog("Script VLANAssign initialised");
var n = LdapVariables.Get("nasip");
// variable name as declared in [Request] (%UserName = username)
var u = LdapVariables.Get("username");
// "u = ..." assigned instead of comparing, and == cannot match "*@...";
// test the realm suffix instead
var isHarry = /@harry\.com$/.test(u);
var isBob = /@bob\.com$/.test(u);
if (isHarry && n == "10.1.1.1") {
    var myvlan = LdapVariables.Add("myvlan","100");
}
if (isHarry && n == "10.2.2.2") {
    var myvlan = LdapVariables.Add("myvlan","200");
}
if (isBob && n == "10.2.2.2") {
    var myvlan = LdapVariables.Add("myvlan","300");
}
return SCRIPT_RET_SUCCESS;
Restart SBR service
LDAP-Script then appears as an auth type, make it an active type, and add TLS as a method. Move this Auth type up the list and make sure it is above any other EAP-TLS types you may have.
I'm sure there are smarter ways of running the script, with else statements etc, so if any script monkey out there wants to show me a better way, then please do.
Regards
Andrew
Simplified code:
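// n and u are read as in the script above.
// "u = ..." assigns rather than compares; test the realm suffix instead.
var isHarry = /@harry\.com$/.test(u);
var isBob = /@bob\.com$/.test(u);
if ((n == "10.1.1.1") && isHarry)
{
    var myvlan = LdapVariables.Add("myvlan","100");
}
else if (n == "10.2.2.2")
{
    if (isHarry)
        var myvlan = LdapVariables.Add("myvlan","200");
    else if (isBob)
        var myvlan = LdapVariables.Add("myvlan","300");
}
return SCRIPT_RET_SUCCESS;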
Regards,
Raveen
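An added example, not part of any post in this thread: the site/customer scenario from the start of the thread written as a table-driven lookup that matches on the realm after the last "@" and returns nothing when no rule applies. The names VLAN_POLICY, realmOf and vlanFor are hypothetical, and the table values are the ones given in the scenario.

```javascript
// Added example: table-driven VLAN lookup keyed by NAS IP and user realm.
// VLAN_POLICY, realmOf and vlanFor are hypothetical names; the values are
// the site/customer pairs from the scenario earlier in the thread.
var VLAN_POLICY = {
    "1.1.1.1": { "customer1.com": "100", "customer2.com": "200" }, // Site1
    "2.2.2.2": { "customer1.com": "300", "customer2.com": "400" }  // Site2
};

// Return the realm (text after the last "@", lower-cased), or null when
// the name has no user part or no realm part.
function realmOf(username) {
    if (typeof username !== "string") { return null; }
    var at = username.lastIndexOf("@");
    if (at < 1 || at === username.length - 1) { return null; }
    return username.substring(at + 1).toLowerCase();
}

// Return the VLAN ID string, or null when no rule matches, so an unknown
// site or realm never inherits another customer's VLAN.
function vlanFor(nasip, username) {
    var site = VLAN_POLICY.hasOwnProperty(nasip) ? VLAN_POLICY[nasip] : null;
    var realm = realmOf(username);
    if (site === null || realm === null) { return null; }
    // Exact realm match: "customer1.com.other.example" does not qualify.
    return site.hasOwnProperty(realm) ? site[realm] : null;
}
```

In an SBR script the returned value would be passed to the attribute call already used in the thread, for example LdapVariables.Add("myvlan", vlan), and only when it is not null.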