debug User-Profile

MichaelLeung gbcbooksmj at gmail.com
Thu Mar 17 08:20:49 CET 2016


Well, I define an ldap-group check policy

#
devicemanager_check {
         if (Ldap-Group == "DeviceManager") {
                 update reply {
                         &User-Profile := "cn=DeviceManager,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com"
                 }
         }
         elsif (Ldap-Group == "Device_Write") {
                 update reply {
                         &Reply-Message += "Welcome,Device Operator"
                 }
         }
         elsif (Ldap-Group == "Device_Reivew") {
                 update reply {
                         &Reply-Message += "Welcome Device Reviewer"
                 }
         }
         else {
                 update reply {
                         &Reply-Message += "you are not authorized to access , please confirm that you have the permission..."
                 }
                 reject
         }
}

I am not sure whether the user overrides the User-Profile or not.


On 03/17/2016 10:56 AM, MichaelLeung wrote:
> Hi list
>
> My FreeRADIUS version is 3.0.4
>
> I have enabled ldap modules and the radius profile feature of it.
>
> And I need to check that the user is in the specific Ldap-Group, and
> assign the User-Profile which contains all radius Reply-Items in it.
> So when my NAS tries to authenticate, I can only see radius -X
> responding:
> (0) Sending Access-Accept packet to host 10.1.1.13 port 1812, id=96, length=0
> (0)     User-Profile := 'cn=Device_Superior,ou=Admin,ou=Group,dc=gd,dc=abc,dc=com'
> It was not going to print out what reply item the User-Profile contained.
> And actually, I define the reply item as
> Huawei-Exec-Privilege := "15"
> It will give the highest admin right to the user belonging to Group
> Device_Superior to operate the device.
>
> How can I debug the User-Profile?


