using Ldap-Group attribute checks in policy.txt

Phil Mayers p.mayers at
Mon Mar 7 18:14:01 CET 2011

On 07/03/11 16:25, Thomas Wunder wrote:
> Hi, i'd like to specify my auth-policies using the rlm_policy module
> (since i like it's obvious flexibility and the cleanness of it's
> policy syntax and because i wasn't able to solve some particular
> problems with rlm_files) but there's one big problem left: until now

Is there any particular reason you are using rlm_policy as opposed to 
the "policies" feature in unlang?

It might not be obvious, but they're different. The latter is newer, 
better supported and configured by editing "raddb/policy.conf" file (in 
default freeradius installs):

policy {
   my-policy {
     ...any unlang ...

...then in raddb/sites-/*/*:

authorize {

You will probably find that Ldap-Group works with the unlang policy 
stuff, because it works with plain unlang.

More information about the Freeradius-Users mailing list