Thank you, that work .. Thanx! I'll definately look at upgrading to v3. I did notice that my version was so old. I just took the one our the centos6's repo . -Luc -- !!!!! ( o o ) --------------oOO----(_)----OOo-------------- Luc Paulin email: paulinster(at)gmail.com Skype: paulinster 2017-02-15 12:21 GMT-05:00 Alan DeKok <aland@deployingradius.com>:
On Feb 15, 2017, at 12:15 PM, Luc Paulin <paulinster@gmail.com> wrote:
Ok thanx for your reply .. I think that I now start to better understand how the this work.. So policies need/can be written within the auth so
we
can reject request base on the person's group membership and huntgroup ..
So base on this I made this simple switch case that I added to the authorize section after the ldap module
OK.
However when I test I dont seem to be getting the expecting result.
++[pap] = noop
You're running version 2. Ugh. Why not upgrade to a version of the server which was released in the last 5 years?
Look like the Ldap-Group did found that the user is member of the devopsuser group, which is correct, however, when I do the negative compare (!=) it also return true. I have also tried with "==" got the exact same result,
In v2, you have to do:
if (!(LDAP-Group == "foo")) {
This is fixed in v3. There are a LOT of good reasons for upgrading to v3.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html