LDAP Group Default

Alan DeKok aland at deployingradius.com
Sat Nov 19 02:54:22 CET 2016


On Nov 18, 2016, at 8:16 PM, Albert K <alberk at gmail.com> wrote:
> 
> It tried adding this in the Post-Auth of the inner-tunnel but keep getting
> the following error.

  Read "man unlang".  And Alan's example again.

  The unlang parser isn't smart.  You can't just randomly add braces and reformat things.  Follow existing examples.  It really does help.

> ### Added Code
> if(LDAP-Group == "cn=hod,cn=users,dc=smartoptz,dc=com")
>        {update reply

  Why the heck are you putting the { on a new line, smashed up against the "update" text?  Don't do that.

>           {
>                        Tunnel-Type = VLAN,
>                        Tunnel-Medium-Type = IEEE-802,
>                        Tunnel-Private-Group-Id = "30"
>                        }
>        }
>        else
>        { udpate reply  {
>                        Tunnel-Type = VLAN,
>                        Tunnel-Medium-Type = IEEE-802,
>                        Tunnel-Private-Group-Id = "40"
>                        }
>        }

  This is all formatted badly.  Don't do that.

if (LDAP-Group == "cn=hod,cn=users,dc=smartoptz,dc=com") {
update reply {
                       Tunnel-Type = VLAN
                       Tunnel-Medium-Type = IEEE-802
                       Tunnel-Private-Group-Id = "30"
                       }
       }
       else {
       update reply  {
                       Tunnel-Type = VLAN
                       Tunnel-Medium-Type = IEEE-802
                       Tunnel-Private-Group-Id = "40"
                       }
       }

  That will work.

  Alan DeKok.




More information about the Freeradius-Users mailing list