Checkval weird issue with LDAP backend and PAM authentication

Alan DeKok aland at deployingradius.com
Fri Nov 26 09:31:01 CET 2010


Marco Carcano wrote:
> I RTM unlang, but I have to admit I only got confused - The only thing I
> have understood is to write a simple statement like this (in authorize
> section)
> 
>         if (NAS-Identifier == "ftp" ) {
>                 ok
>         }
>         else {
>                 reject
>         }
> 
> and I think is even wrong because returns always OK :(((((

  And.... what does debug mode say?

> I noticed on some posts people using a syntax like if (NAS-Identifier ==
> %{sql: SELECT ... BLA BLA} )

  See "man unlang".  This is documented.

> but I have not been able to see a working example using ldap, 

if (NAS-Identifier == "%{ldap: ... ldap stuff ... }") {



> thinking at the %{sql:SELECT ...} example I tough I syntax almost like this
> 
>         if (NAS-Identifier ==
> "ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local
> (eckAllowedServices)" ) {

  You didn't use the same form as the SQL example.  The brackets have
*meaning*: %{}

  See "man unlang".

  Alan DeKok.



More information about the Freeradius-Users mailing list