Handle user belongs to 2 LDAP Groups
Alan DeKok
aland at deployingradius.com
Fri Mar 30 13:47:57 CEST 2018
On Mar 30, 2018, at 3:01 AM, luckydog xf <luckydogxf at gmail.com> wrote:
> A weird thing is that I use LDAP to authenticate Network devices and
> SuperMicro Server.
>
> Code talks, see below, SuperMicro presents its NAS IP as 127.0.0.1, while
> Network device isn't.
Having the debug output would also be useful.
> ======== SECTION: post-auth =====================
>
> # Ref NO: 1
> if (&LDAP-Group == "network-2" && &NAS-IP-Address != "127.0.0.1") {
>     update reply {
>         &Service-Type = "NAS-Prompt-User",
>         &Huawei-Exec-Privilege = "2",
>         &Login-Service = 50,
>
>     }
> }
>
> #Ref NO: 2
> if (&LDAP-Group == "mgmt-console" && &NAS-IP-Address == "127.0.0.1") {
>     update reply {
>
>         &Attr-26 = 0x483D342C20493D34
>     }
> }
>
> #Ref No: 3
> else {
That "else" only applies if (2) doesn't match. What you probably want is:
    if (ref1) {
        ...
    } elsif (ref2) {
        ...
    } else { # ref3
        ...
    }
See "man unlang" for more information.
Alan DeKok.
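
The difference between the posted layout and the if / elsif / else chain suggested above, as an added example that is not part of the original message: a Python model of the control flow only (not FreeRADIUS code). The function names, the group sets and the 192.0.2.10 address are constructed for illustration, and `&LDAP-Group == "x"` is assumed to mean "x is one of the user's groups".

```python
# Model of the control flow only; this is not FreeRADIUS code.
# Assumption: &LDAP-Group == "x" is modelled as "x is one of the user's groups".

def ref1(groups, nas_ip):
    return "network-2" in groups and nas_ip != "127.0.0.1"

def ref2(groups, nas_ip):
    return "mgmt-console" in groups and nas_ip == "127.0.0.1"

def as_posted(groups, nas_ip):
    """Two independent ifs; the else is attached to the second if only."""
    fired = []
    if ref1(groups, nas_ip):
        fired.append("ref1")
    if ref2(groups, nas_ip):
        fired.append("ref2")
    else:
        fired.append("ref3")
    return fired

def as_chained(groups, nas_ip):
    """if / elsif / else: exactly one branch runs per request."""
    if ref1(groups, nas_ip):
        return ["ref1"]
    elif ref2(groups, nas_ip):
        return ["ref2"]
    else:
        return ["ref3"]

# Constructed sample requests (group sets and the 192.0.2.10 address are made up;
# the group names and 127.0.0.1 are taken from the post).
SAMPLES = [
    ("switch login, network-2 only", {"network-2"}, "192.0.2.10"),
    ("switch login, both groups", {"network-2", "mgmt-console"}, "192.0.2.10"),
    ("console login, both groups", {"network-2", "mgmt-console"}, "127.0.0.1"),
    ("console login, neither group", set(), "127.0.0.1"),
]

def compare():
    """Return (label, posted, chained) for every sample request."""
    return [(label, as_posted(g, ip), as_chained(g, ip)) for label, g, ip in SAMPLES]

if __name__ == "__main__":
    for label, posted, chained in compare():
        flag = "  <-- differs" if posted != chained else ""
        print(f"{label:30} posted={posted} chained={chained}{flag}")
```

In this model every request that matches ref1 also runs the ref3 block under the posted layout, so the reply attributes set for network devices are followed by whatever the final else sets.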