something like huntgroups?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jul 2 08:52:13 CEST 2013


On 2 Jul 2013, at 07:41, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 2 Jul 2013, at 07:18, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
> 
>> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
>> 
>>> If a user is not in the secret group, then their login should fail if
>>> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
>> 
>> This is pretty easy:
>> 
>> authorize {
>> ...
>> if (Vendor-3076-Attr-146 == 0x554d44) {
>>   if (SQL-Group == secret) {
>>     noop
>>   }
>>   else {
>>     reject
>>   }
>> }
>> ...
>> }
> 
> Actually no. Undefined attributes should not be modified or evaluated. You'll need to find the proper definition for the attribute and add a new dictionary entry.

This may work for 2.x.x but definitely wont't work for 3.0 which uses direct DICT_ATTR pointer comparisons in some places (instead of comparing vendor/attribute number).

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



More information about the Freeradius-Users mailing list