Ok I got this to work in my freeradius 2.1.x setup. I changed the attribute map to a reply item, then in sites-enabled/default I changed my logic to include reply:My-Local-String along with Alan's ldap.authorize. ldap.authorize if ( Called-Station-Id == "AC-86-74-46-65-91:Peep" && reply:My-Local-String == "A1000" ) { noop } else { reject } -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+clayton.knorr=nuspire.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Monday, May 9, 2016 9:58 AM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Authorizing using LDAP attributes On May 9, 2016, at 9:29 AM, Clayton Knorr <clayton.knorr@nuspire.com> wrote:
Adding ldap.authorize to the post-auth section didn't seem to change anything except adding a "++[ldap.authorize] returns ok" to the logs
Hmm... it should show it adding the attributes.
Is there a preferred way to do this I can use in version 2.2.x?
Upgrade to 3.0. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html