Tricky problem with ldap and primary groups in AD
Franks Andy (RLZ) IT Systems Engineer
Andy.Franks at sath.nhs.uk
Thu Aug 2 17:40:03 CEST 2012
Hi,
I've got another query to do with this issue.
I'm trying to follow up running an external script that could feasibly
update a control value within freeradius.
It's working fine to push the variable outwards, and recording that
passed variable to a file using the bash redirect >> , however I've not
been successful updating a control attribute. A reply attribute works,
for example "Reply-Message := \"hello fred\"" but (in this example)
My-Local-Integer := <new value> doesn't seem to get back.
I've got
Input_pairs = control
And
Output_pairs = control
in the exec module I'm using (have I misunderstood their usage?)
and am assigning the Reply-Message attribute the value that should be
returned from the script using
update reply {
Reply-Message := "%{control:My-Local-Integer}"
}
so I can see what's happening to the control value which seems to be
working as radtest shows the reply message attribute but doesn't show
that it's been updated.
The output of freeradius -X does produce
Exec-Program-Wait : value-pairs: My-Local-Integer := <newly set value>
but the value never makes it into the control attribute
Perhaps I'm doing something I can't do with control attributes, or am
just doing it wrong, which is much more likely.
I've followed the example of the exec-program-wait script in the docs
folder and it works as stated before for reply attributes, just not
control ones.
Thanks again
Andy
More information about the Freeradius-Users
mailing list