If in post-auth

seb2020 girard.seb at gmail.com
Wed Jun 15 16:10:14 CEST 2011


Hi !

I have a problem in my post-auth configuration. I have write this with the
help of my other topic in this forum:

update reply {
 Tunnel-Type := VLAN
 Tunnel-Medium-Type := IEEE-802
 Tunnel-Private-Group-Id := "unauthorised"
 Termination-Action := RADIUS-Request
 Session-Timeout := 300
 Acct-Interim-Interval := 3600
}

if ("%{Aruba-Essid-Name}" == "ssid_student") {
       if ("%{reply:MailUtilisateur}" =~ /^[a-z0-9._-]+ at students.XXX.ch/) {
               update reply {
                       Tunnel-Private-Group-Id := "std"
                       Aruba-User-Role := "std"
               }
       } else {
               update reply {
                       Tunnel-Private-Group-Id := "std_false"
                       Aruba-User-Role := "std_false"
               }
       }
}
elsif ("%{Aruba-Essid-Name}" == "ssid_staff") {
               if ("%{reply:MailUtilisateur}" =~ /^[a-z0-9._-]+ at XXX.ch/) {
                       update reply {
                               Tunnel-Private-Group-Id := "staff"
                               Aruba-User-Role := "staff"
                       }
               } else {
                       update reply {
                               Tunnel-Private-Group-Id := "staff_false"
                               Aruba-User-Role := "staff_false"
                       }
}

And this is the result of radiusd -X :

# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[reply_log]     expand:
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d ->
/var/log/radius/radacct/153.109.XXX/reply-detail-20110615
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/radius/radacct/153.109XXX/reply-detail-20110615
[reply_log]     expand: %t -> Wed Jun 15 15:55:01 2011
++[reply_log] returns ok
++[exec] returns noop
++[reply] returns noop
++? if ("%{Aruba-Essid-Name}" == "ssid_student")
       expand: %{Aruba-Essid-Name} -> ssid_staff
? Evaluating ("%{Aruba-Essid-Name}" == "ssid_student") -> FALSE
++? if ("%{Aruba-Essid-Name}" == "ssid_student") -> FALSE
Sending Access-Accept of id 247 to 153.109.XXX port 32834
       MS-MPPE-Recv-Key =
0x90169c2ffb6f14c1aa01efed861f32c21da05dfb0e43bea0a5b8aa72d63626d6
       MS-MPPE-Send-Key =
0xefa74ededebd9066dadc8b0d369884155e9a73e9685241f408afbdc3e1a8de3e
       EAP-Message = 0x03090004
       Message-Authenticator = 0x00000000000000000000000000000000
       User-Name = "sgistpi"
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "unauthorised"
       Termination-Action = RADIUS-Request
       Session-Timeout = 300
       Acct-Interim-Interval = 3600

Just like it say, Aruba-Essid-Name is : "expand: %{Aruba-Essid-Name} ->
ssid_staff", but it doesn't work with my if. Why is it not going to the
elsif ?

Can you help me ?

Thanks !


-----
>From Switzerland
--
View this message in context: http://freeradius.1045715.n5.nabble.com/If-in-post-auth-tp4491348p4491348.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



More information about the Freeradius-Users mailing list