Conditionally adding reply pair

Kevin Bonner keb at pa.net
Tue Sep 19 23:35:21 CEST 2006


On Tuesday 19 September 2006 15:25, Garber, Neal wrote:
> I need to conditionally add a reply pair based upon Huntgroup-Name and a
> custom attribute.  Pseudocode follows for what I'm trying to accomplish:
>
>
> If Huntgroup-Name == NetSensory then
>    if LDAP-Group-Requirement == "NP-Admin" then
>             pairadd(reply, NetSensory-Permission, "npadmin")
>    Elsif LDAP-Group-Requirement == "NP-Read" then
>             pairadd(reply, NetSensory-Permission, "npread")
>    Elsif LDAP-Group-Requirement == "NP-Insight"
>             pairadd(reply, NetSensory-Permission, "insight")
>    Endif
> Endif
>
>
> I thought about using an external program (e.g., Perl module) in
> post-auth to accomplish this.  Is this reasonable or is there a better
> way?

You should be able to do this through the users file:

DEFAULT Huntgroup-Name == "NetSensory", LDAP-Group-Requirement == "NP-Admin"
     NetSensory-Permission += "npadmin"
...

Just change the check and reply items where necessary.  If you don't expect to 
use the NetSensory huntgroup after these lines, you may want to add the 
following after all users file entries related to the NetSensory huntgroup.

DEFAULT Huntgroup-Name == "NetSensory", Auth-Type := Reject

Kevin Bonner
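
A simplified model of the ordering the reply above relies on, as an added example that is not part of the original post and not FreeRADIUS code: entries are tried top to bottom and the first match ends processing, so the reject entry only works as a default-deny when it comes last. The helper names, the tuple layout, and treating LDAP-Group-Requirement as a plain request attribute are assumptions; the NP-Read and NP-Insight entries follow the pseudocode in the question.

```python
# Simplified model (not FreeRADIUS code) of how a users file is walked:
# entries are tried in file order, and without Fall-Through the first
# entry whose check items all match ends processing.

HG = "NetSensory"

def permission_entry(group, value):
    # One "DEFAULT Huntgroup-Name == ..., LDAP-Group-Requirement == ..." entry.
    check = {"Huntgroup-Name": HG, "LDAP-Group-Requirement": group}
    return (check, {"NetSensory-Permission": value}, {})

# Catch-all for the huntgroup: "DEFAULT Huntgroup-Name == ..., Auth-Type := Reject"
REJECT_ENTRY = ({"Huntgroup-Name": HG}, {}, {"Auth-Type": "Reject"})

# Group-to-permission mapping taken from the pseudocode in the question.
USERS_FILE = [
    permission_entry("NP-Admin", "npadmin"),
    permission_entry("NP-Read", "npread"),
    permission_entry("NP-Insight", "insight"),
    REJECT_ENTRY,  # must stay after the permission entries
]

def evaluate(request, entries=USERS_FILE):
    """Return (decision, reply_items) for a dict of request attributes."""
    for check, reply, control in entries:
        if all(request.get(attr) == want for attr, want in check.items()):
            if control.get("Auth-Type") == "Reject":
                return "reject", {}
            return "continue", dict(reply)
    return "continue", {}  # no entry matched, nothing added to the reply

if __name__ == "__main__":
    # Constructed sample requests.
    admin = {"Huntgroup-Name": HG, "LDAP-Group-Requirement": "NP-Admin"}
    nogroup = {"Huntgroup-Name": HG}
    print(evaluate(admin))
    print(evaluate(nogroup))
    # Reject entry placed first: even the admin is rejected.
    print(evaluate(admin, [REJECT_ENTRY] + USERS_FILE[:3]))
```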