unlang post-auth group-name

Cameron Wood cameron.e.wood at gmail.com
Sun Sep 26 04:08:36 CEST 2010


Thank you Alan B & Alan D for your comments, and I'll make sure to include
the full, complete debug output log in future.

I don't think the logic of my example has changed since my earlier post, but
I admittedly have tried encasing it in %{...} and adding a list to it as
well to try and get it to compare against the right data.

Is the comparison in the right location, in the Authorize section, and if so
am I trying to compare against the wrong attribute, hence it getting
expanded and not returning anything?

Alan D, could you shed some light on how the Group-Name attribute in Users is
populated/gets compared when doing checks there?

I suspect from your comment that the field I am trying to check against,
since you say it can contain many values "because the user may be a member
of many, many, groups", could be a long string with separators or an array of
values. Would this be right? In which case, do I need to use a regex method
or access a specific value within an array?


Regards
Cam.
--

On Sun, Sep 26, 2010 at 05:50, Alan DeKok <aland at deployingradius.com> wrote:

> Alan Buxey wrote:
> > Hi,
> >> That wasn't my intention, I thought pasting the entire
> >> sites-available/default and debug output might be frowned upon.
> >
> > pasting the config file is not necessary. if you read the docs and the mailing
> > list history, you will see that posting the full, complete
> > debug output log from 'radiusd -X' is *exactly* what you need to do
> >
> >> ++? if ("%{Group-Name}" == "net_su")
> ...
> > the config file says I should check Group-Name
>
>   It says *expand* the value, which is blank as you noted... because
> Group-Name only does comparisons.
>
>  And this example is different than what he posted previously.  <sigh>
>
> > so, basically, that value isn't net_su - you need to get the right
> > attribute (or ensure it gets populated!) and then your Tmp attribute will be set right
> > and everything will be closer to what you want
>
>   Group-Name (and Group) don't get populated, because the user may be a
> member of many, many, groups.
>
>  Alan DeKok.