Authorization question

Larry Ross lfross at ucdavis.edu
Tue Apr 7 20:08:30 CEST 2009


Sounds good, I have made the change to read 

format = "~nadmin:*,User-Name"

added "nadmin" to the dictionary file 

Things at this point are working OK 

[noc_group] Added nadmin: 'NOC' to reply_items
++[noc_group] returns ok

However I can still not get the logic of the unlang statement correct.  As per your suggestion earlier I added the following to the post auth section


#       if (%{request:nadmin} == "NOC") {
 #              update <"reply"> {
#               Reply-Message = 'Noc-Group Match'
#               }
#       }

When un commented I receive

/usr/local/etc/raddb/sites-enabled/default[414]: Parse error after "update"

So I am obviously doing something quite wrong, however I cannot see how to utilize "update" within an if statement (as I only wish for the update to occur with certain accounts)

Thank you

-----Original Message-----
From: freeradius-users-bounces+lfross=ucdavis.edu at lists.freeradius.org [mailto:freeradius-users-bounces+lfross=ucdavis.edu at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Monday, April 06, 2009 10:27 PM
To: FreeRadius users mailing list
Subject: Re: Authorization question

Larry Ross wrote:
> In my passwd module I have the following. (made sense to have the group
> name appear as if it came from the authenticator... hence the ~)
...
>                 

  Do NOT re-use the "Group-Name" attribute.  That is already used for
Unix groups.

  There's a reason that the "man" page for rlm_passwd uses another name
for the grouping attribute.

> I attempt to utilize this method I fail (Radius will not start as
> currently I am simply trying to append a Reply message when NOC-Group
> scores a hit.
...
>        if (%{request:Group-Name} == "NOC") { 
>               Reply-Message = 'Noc-Group Match'

  It's failing because that is not the correct syntax for adding
attributes.  See the "update" command that is documented in "man unlang"

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list