debug User-Profile
MichaelLeung
gbcbooksmj at gmail.com
Fri Mar 18 05:46:56 CET 2016
how can i get radiusReplyItem from LDAP?
On 03/18/2016 09:25 AM, MichaelLeung wrote:
> any help ?
>
> On 03/17/2016 05:31 PM, MichaelLeung wrote:
>> any reply ?
>>
>> On 03/17/2016 03:20 PM, MichaelLeung wrote:
>>> well , i define a ldap-group check policy
>>>
>>> #
>>> devicemanager_check {
>>> if (Ldap-Group == "DeviceManager") {
>>> update reply {
>>> &User-Profile :=
>>> "cn=DeviceManager,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com"
>>> }
>>> }
>>> elsif (Ldap-Group == "Device_Write") {
>>> update reply {
>>> &Reply-Message += "Welcome,Device Operator"
>>> }
>>> }
>>> elsif (Ldap-Group == "Device_Reivew") {
>>> update reply {
>>> &Reply-Message += "Welcome Device Reviewer"
>>> }
>>> }
>>> else {
>>> update reply {
>>> &Reply-Message += "you are not authorized to
>>> access , please confirm that you have the permission..."
>>> }
>>> reject
>>> }
>>> }
>>>
>>> i am not sure that user override the User-Profile or not.
>>>
>>>
>>> On 03/17/2016 10:56 AM, MichaelLeung wrote:
>>>> hi list
>>>>
>>>> my freeradius version is 3.0.4
>>>>
>>>> i have enabled ldap modules and the radius profile feature of it .
>>>>
>>>> and i need to check the user is in the speacific Ldap-Group, and
>>>> assign the User-Profile which contain all radius Reply-Items in it .
>>>> so when my NAS try to authenticate , i can only see radius -X
>>>> responding :
>>>> (0) Sending Access-Accept packet to host 10.1.1.13 port 1812,
>>>> id=96, length=0
>>>> (0) User-Profile :=
>>>> 'cn=Device_Superior,ou=Admin,ou=Group,dc=gd,dc=abc,dc=com'
>>>> it was not going to print out what reply item the User-Profile
>>>> contained.
>>>> and actually, i define the reply item as
>>>> Huawei-Exec-Privilege := "15"
>>>> it will give the highest admin right to the user belong to Group
>>>> Device_Superior to Operate the Device .
>>>>
>>>> how can i debug the User-Profile?
>>>
>>
>
More information about the Freeradius-Users
mailing list