On 2 Jul 2013, at 07:41, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 2 Jul 2013, at 07:18, Phil Mayers <p.mayers@IMPERIAL.AC.UK> wrote:
On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
If a user is not in the secret group, then their login should fail if the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
This is pretty easy:
authorize { ... if (Vendor-3076-Attr-146 == 0x554d44) { if (SQL-Group == secret) { noop } else { reject } } ... }
Actually no. Undefined attributes should not be modified or evaluated. You'll need to find the proper definition for the attribute and add a new dictionary entry.
This may work for 2.x.x but definitely wont't work for 3.0 which uses direct DICT_ATTR pointer comparisons in some places (instead of comparing vendor/attribute number). Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team