Reject users based on LDAP attribute
Phil Mayers
p.mayers at imperial.ac.uk
Thu May 17 09:22:41 CEST 2012
On 05/17/2012 06:54 AM, C.F. Yeung wrote:
> We have 802.1x authentication via AD. It's okay. Now, we would like to
> reject users based on LDAP attribute, WLANStatus. Added attribute in
> dictionary and ldap.attrmap as follow. Where should I put the unlang?
>
> /etc/raddb/dictionary
> ATTRIBUTE My-Local-wlanStatus 3000 string
>
> /etc/raddb/ldap.attrmap
> replyItem My-Local-wlanStatus WLANStatus
>
It's a REPLY item, so this should be:
if (reply:My-Local-wlanStatus == A1) {
...
}
More information about the Freeradius-Users
mailing list