24 Jul
2017
24 Jul
'17
6:19 p.m.
On Jul 24, 2017, at 5:03 PM, Klara Mall <klara.mall@kit.edu> wrote:
I'm doing EAP-TTLS/PAP and I have the following policy in the authorize section of the inner tunnel virtual server (same behaviour when it's in post-auth):
w2vgroupcheck { if("%{Stripped-User-Domain}" =~ /^([^\.]+)\.w2v\.kit\.edu$/) { if ("%{sql:SELECT COUNT(*) FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}" > 0) { if (LDAP-Group == "%{sql:SELECT group_name FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}") {
It's probably the same issue as: https://github.com/FreeRADIUS/freeradius-server/issues/1947 Alan DeKok.