something like huntgroups?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Jul 2 08:41:02 CEST 2013
On 2 Jul 2013, at 07:18, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
>
>> If a user is not in the secret group, then their login should fail if
>> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
>
> This is pretty easy:
>
> authorize {
> ...
> if (Vendor-3076-Attr-146 == 0x554d44) {
> if (SQL-Group == secret) {
> noop
> }
> else {
> reject
> }
> }
> ...
> }
Actually no. Undefined attributes should not be modified or evaluated. You'll need to find the proper definition for the attribute and add a new dictionary entry.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list