How to reject users who don't match unlang
Scott McLane Gardner
sgardne at uark.edu
Tue Mar 13 19:05:49 CET 2012
I have the following in my sites-available/default:
authorize {
...
    # Allow only NET Staff members to log into BAND and HAPF
    if (Ldap-Group == "NET Staff" && (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4")) {
        update reply {
            Passport-Access-Priority = 6
        }
    }
    # Reject everyone else
    elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") {
        reject = 1
    }
...
What I want is to only allow NET Staff members to log in and reject
everyone else who tries to log into these resources. I'm getting the
following in my log:
Tue Mar 13 12:55:32 2012 : Info: ++? elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") -> TRUE
Tue Mar 13 12:55:32 2012 : Info: ++- entering elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") {...}
Tue Mar 13 12:55:32 2012 : Info: +++- elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") returns notfound
Tue Mar 13 12:55:32 2012 : Info: ++- group authorize returns notfound
What is the correct syntax to reject this way?
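
An added example, not part of the original post: the same policy with the rejection written as the bare `reject` keyword instead of `reject = 1`. It assumes the stock `always reject` module instance from the default FreeRADIUS 2.x configuration is still defined; the attribute names and addresses are the ones from the post.

```unlang
authorize {
    # ... the other authorize entries from the existing config stay here ...

    # The policy applies only to requests from the two restricted NAS devices.
    if (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") {

        # NET Staff members get the access priority in the reply.
        if (Ldap-Group == "NET Staff") {
            update reply {
                Passport-Access-Priority = 6
            }
        }
        else {
            # A bare module name calls that module. "reject" here is the
            # instance of the always module whose rcode is reject
            # (assumption: it is defined, as in the default modules/always).
            #
            # "reject = 1" is different: a name = value pair inside a block
            # sets the priority of that return code for the block and calls
            # nothing, so the block keeps the earlier rcode. That matches
            # the "returns notfound" lines in the log above.
            reject
        }
    }
}
```

With this in place the debug output for a non-member on either NAS should show the inner block returning reject rather than notfound. Requests from any other NAS skip the whole block, so nothing changes for them.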