Using NAS-Identifier with login criteria

[Brian Boere]

I removed the update request in the sites-available/default as suggested.   
(and just as you said, it did not affect anything) 

Just wanting to confirm something in the Ldap-Group area. 

does the "!" at the begining of your recommended line just switch the result from "True" to "False" (and vice-versa)? 

I made the change, and things stopped working.  When I removed the "!" from your recommended line, things started working again.  
(I did take the original line from an example and honestly not really knowing what the "!" did) 
(end requirement is that if the user is a member of the "Corporate Wireless Network" edirectory group, they are allowed to use the wireless network Rad_test2) 

I will also look into upgrading to at least the most recent version of 2. 

Should I be able to install version 3 and just move my config files over to it? 

Thanks. 

Brian

>>> Alan DeKok <aland at deployingradius.com> 4/12/2015 08:54 AM >>>
On Apr 11, 2015, at 9:15 PM, Brian Boere <brian.boere at netwize.ca> wrote:
> What I have done is:
>
> created an area called "my_policy" in the policy.conf file and added the following:
>
> if (NAS-Identifier =~ /Rad_test2/) {
>      if ( Ldap-Group != "cn=Corporate Wireless Network,ou=ou,o=org" ) {

  For various reasons you'll have to do:

if (!(Ldap-Group == "cn=Corporate Wireless Network,ou=ou,o=org" )) {

  That will work better.

>          reject
>      }
> }
>
> In the /sites-available/default file:
> under authorize:
>
> update request {
> NAS-Identifier = "%{NAS-Identifier}"
>                  }

  Huh?  That does nothing useful. Why do you think that's necessary?

> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Feb 28 2014 at 23:17:30

  And why 2.1.1?  That's almost 7 years old.  Use 2.2.6.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html