using Ldap-Group attribute checks in policy.txt

Phil Mayers p.mayers at imperial.ac.uk
Mon Mar 7 18:14:01 CET 2011


On 07/03/11 16:25, Thomas Wunder wrote:
> Hi, i'd like to specify my auth-policies using the rlm_policy module
> (since i like it's obvious flexibility and the cleanness of it's
> policy syntax and because i wasn't able to solve some particular
> problems with rlm_files) but there's one big problem left: until now

Is there any particular reason you are using rlm_policy as opposed to 
the "policies" feature in unlang?

It might not be obvious, but they're different. The latter is newer, 
better supported and configured by editing "raddb/policy.conf" file (in 
default freeradius installs):

policy {
   my-policy {
     ...any unlang ...
   }
}

...then in raddb/sites-/*/*:

authorize {
   my-policy
}

You will probably find that Ldap-Group works with the unlang policy 
stuff, because it works with plain unlang.



More information about the Freeradius-Users mailing list