Member of Group Check Else REJECT
Neville Collins
nev at itsnev.co.uk
Wed Feb 1 01:57:01 CET 2012
Hi,
I'm trying to check if a user is coming from a particular NAS, then check if
that user is also a member of a GROUP associated with that NAS, else REJECT
access.
Authorise section..
    if(NAS-Identifier == 'OpenVPN' && SQL-GROUP == 'openvpn') {
        update reply {
            Reply-Message := "OpenVPN AuthCheck OK"
        }
        reject
    }
Wed Feb 1 00:37:59 2012 : Info: ++? if (NAS-Identifier == 'OpenVPN' && SQL-GROUP == 'openvpn')
Wed Feb 1 00:37:59 2012 : Info: ? Evaluating (NAS-Identifier == 'OpenVPN' ) -> TRUE
Wed Feb 1 00:37:59 2012 : Info: sql_groupcmp
Wed Feb 1 00:37:59 2012 : Info: expand: %{User-Name} -> nev
Wed Feb 1 00:37:59 2012 : Info: sql_set_user escaped user --> 'nev'
Wed Feb 1 00:37:59 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 1
Wed Feb 1 00:37:59 2012 : Info: expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'nev' ORDER BY priority
Wed Feb 1 00:37:59 2012 : Debug: rlm_sql (sql): Released sql socket id: 1
Wed Feb 1 00:37:59 2012 : Info: sql_groupcmp finished: User is NOT a member of group openvpn
As user 'nev' is not part of group 'openvpn' but is trying to access NAS
'OpenVPN' it should Reject the login and not go any further, but it does
not.
I know I'm missing something, so any help would be greatly appreciated.
Thx
Nev
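
An added example, not part of the original post and not FreeRADIUS project code: in the debug output above the NAS test is TRUE but the group test fails, so the combined `&&` condition is false and the block containing `reject` is never entered. One way to express the stated intent is to nest the group check under the NAS check and put `reject` in the `else` branch; the second Reply-Message text is constructed for illustration.

```unlang
# authorize section (sketch). Attribute names and values are the ones
# used in the post; the rejection message text is a constructed example.
if (NAS-Identifier == 'OpenVPN') {
    # Only requests arriving from the OpenVPN NAS get the group test.
    if (SQL-GROUP == 'openvpn') {
        update reply {
            Reply-Message := "OpenVPN AuthCheck OK"
        }
    }
    else {
        # From the OpenVPN NAS but not in the group: stop processing here.
        update reply {
            Reply-Message := "Not a member of group openvpn"
        }
        reject
    }
}
# Requests from any other NAS fall through to the rest of the section.
```

Running the server in debug mode with a user outside the group should then show the inner condition evaluating FALSE, followed by the `else` branch and the reject.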