debug User-Profile

MichaelLeung gbcbooksmj at gmail.com
Thu Mar 17 10:31:25 CET 2016


Any reply?

On 03/17/2016 03:20 PM, MichaelLeung wrote:
> Well, I define an ldap-group check policy:
>
> #
> devicemanager_check {
>         if (Ldap-Group == "DeviceManager") {
>                 update reply {
>                         &User-Profile := "cn=DeviceManager,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com"
>                 }
>         }
>         elsif (Ldap-Group == "Device_Write") {
>                 update reply {
>                         &Reply-Message += "Welcome,Device Operator"
>                 }
>         }
>         elsif (Ldap-Group == "Device_Reivew") {
>                 update reply {
>                         &Reply-Message += "Welcome Device Reviewer"
>                 }
>         }
>         else {
>                 update reply {
>                         &Reply-Message += "you are not authorized to access , please confirm that you have the permission..."
>                 }
>                 reject
>         }
> }
>
> I am not sure whether the user overrides the User-Profile or not.
>
>
> On 03/17/2016 10:56 AM, MichaelLeung wrote:
>> Hi list,
>>
>> My freeradius version is 3.0.4.
>>
>> I have enabled the ldap module and its radius profile feature.
>>
>> I need to check that the user is in the specific Ldap-Group, and
>> assign the User-Profile which contains all the radius Reply-Items.
>> So when my NAS tries to authenticate, I can only see radius -X
>> responding:
>> (0) Sending Access-Accept packet to host 10.1.1.13 port 1812, id=96, length=0
>> (0)     User-Profile := 'cn=Device_Superior,ou=Admin,ou=Group,dc=gd,dc=abc,dc=com'
>> It did not print out what reply items the User-Profile contained.
>> Actually, I define the reply item as
>> Huawei-Exec-Privilege := "15"
>> It will give the highest admin rights to users belonging to group
>> Device_Superior to operate the device.
>>
>> How can I debug the User-Profile?
>


