Class attributes

Satish Patel satish.txt at gmail.com
Tue Oct 31 15:55:15 CET 2017


I am getting this error

if (LDAP-Group == "Group_VPN") {
        update  {
                reply:Class := "OU=Group_VPN"
        }
}
else {
        update  {
                reply:Class := "NoAccess"
}


Tue Oct 31 10:52:38 2017 : Warning: /etc/raddb/sites-enabled/default[732]: Please change attribute reference to '&reply:Class := ...'
Tue Oct 31 10:52:38 2017 : Error: /etc/raddb/sites-enabled/default[734]: Invalid location for 'else'. There is no preceding 'if' statement
Tue Oct 31 10:52:38 2017 : Error: /etc/raddb/sites-enabled/default[734]: Failed to parse "else" subsection.
Tue Oct 31 10:52:38 2017 : Error: /etc/raddb/sites-enabled/default[705]: Errors parsing post-auth section.

On Mon, Oct 30, 2017 at 3:15 AM, Lasse Odden <lasse.odden at gmail.com> wrote:
> Try to use;
>
> reply:class := "Name_of_VPNgroup_in_ASA"
>
>
> In example:
> if (LDAP-Group == "SSL-VPN-Visma-web") {
>         update  {
>                 reply:Class := "Visma-web_Grp"
>         }
> }
> else {
>         update  {
>                 reply:Class := "NoAccess"
> }
>
> regards,
> Lasse
>
> On Mon, Oct 30, 2017 at 6:00 AM, Satish Patel <satish.txt at gmail.com> wrote:
>
>> I am configuring freeradius for Cisco ASA VPN and I have created
>> multiple Group Policies on the ASA. Now I want to send those group names
>> back to the NAS using Class attribute #25 as per the following document
>> (they are using Windows IAS)
>>
>> http://www.dasblinkenlichten.com/using-radius-attributes-during-webvpn-logon/
>>
>> I want to do the same setup in Linux Freeradius, so where should I define
>> that attribute? Should I use that in /etc/raddb/user or the
>> /etc/raddb/sites-enabled/default file in the post-auth section? I did the
>> following and I am getting the following result, but I am not sure whether
>> I am doing it right or not
>>
>> post-auth {
>> update reply {
>>                 Class := OU=Group_VPN;
>>         }
>> }
>>
>>
>>
>> Sent Access-Request Id 40 from 0.0.0.0:35534 to 127.0.0.1:1812 length 76
>> User-Name = "user1"
>> User-Password = "password1"
>> NAS-IP-Address = 10.5.3.31
>> NAS-Port = 1812
>> Message-Authenticator = 0x00
>> Cleartext-Password = "password1"
>> Received Access-Accept Id 40 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
>> Class = 0x4f553d47726f75705f56504e3b
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
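
Added example, not part of the original message or of FreeRADIUS: a Python check that decodes the hex Class value from the radclient output quoted above and uses the reported packet length to confirm that Class is the only attribute in the Access-Accept. The function names are this example's own, and the sample is constructed from the two reply lines in the thread.

```python
import re

RADIUS_HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)
CLASS_ATTR_TYPE = 25    # RFC 2865 Class attribute

# Constructed sample: the Access-Accept lines quoted in this thread.
SAMPLE = """\
Received Access-Accept Id 40 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
Class = 0x4f553d47726f75705f56504e3b
"""

def parse_reply(text):
    """Return (packet_length, [raw Class values]) from radclient-style output."""
    length = None
    classes = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^Received \S+ Id \d+ .* length (\d+)$", line)
        if m:
            length = int(m.group(1))
            continue
        m = re.match(r"^Class = 0x([0-9a-fA-F]+)$", line)
        if m:
            classes.append(bytes.fromhex(m.group(1)))
    return length, classes

def encode_attr(attr_type, value):
    """RADIUS attribute TLV: type(1) + length(1, counts the 2 header bytes) + value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value

def check_reply(text):
    """Decode Class values and test whether they account for the whole packet."""
    length, classes = parse_reply(text)
    attrs_len = sum(len(encode_attr(CLASS_ATTR_TYPE, c)) for c in classes)
    return {
        "classes": [c.decode("ascii", errors="replace") for c in classes],
        "only_class_attrs": length == RADIUS_HEADER_LEN + attrs_len,
    }

if __name__ == "__main__":
    # The decoded string is exactly what the NAS receives, trailing ';' included.
    print(check_reply(SAMPLE))
```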

