LDAP group check not working with SQL expansion
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jul 24 23:35:16 CEST 2017
> I'm using FreeRADIUS Version 3.0.12.
>
> I'm doing EAP-TTLS/PAP and I have the following policy in the
> authorize section of the inner tunnel virtual server (same behaviour
> when it's in post-auth):
That's an odd one, feel free to open a GitHub issue.
For a quick workaround, you may be able to copy the value of the expansion to a temporary attribute and use that.
i.e.
update request {
    Tmp-String-0 := "%{sql:SELECT group_name FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}"
}
if (LDAP-Group == &Tmp-String-0) {
    update reply {
        Tunnel-Private-Group-Id := "%{sql:SELECT vlan_id FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}"
        Tunnel-Type := VLAN
        Tunnel-Medium-Type := IEEE-802
    }
}
Let me know if it works. May give some insight as to what's going on.
-Arran