radiusExpiration attirbute declared in the LdapGroup

Alexander Clouter alex at digriz.org.uk
Fri Oct 9 09:31:37 CEST 2009


Hi,

aangles <aav_1984 at hotmail.com> wrote:
> 
> I would Like to know if there is a way to define an expiration time for all
> those users which belong to an LDAP Group, instead of defining this
> attribute for each of those users?
> 
> Moreover, after expiration time , RADIUS send an access-reject to the user.
> Is there any tool or something that send a message to the wifi users  in a
> "windows form"?
> 
I think you have two options, some LDAP xlat'ing after you have called 
your LDAP autz module based around 'control:Ldap-UserDn' or 
alternatively (and probably better) is just to use some unlang to say:
----
if (LDAP-Group == blah) {
	update control {
		Expiration := "<wibble>"
	}
}
----

Then called the 'expiration' module after that.

Cheers

-- 
Alexander Clouter
.sigmonster says: Life is the urge to ecstasy.




More information about the Freeradius-Users mailing list