Reject users based on LDAP attribute

Phil Mayers p.mayers at imperial.ac.uk
Thu May 17 09:22:41 CEST 2012


On 05/17/2012 06:54 AM, C.F. Yeung wrote:
> We have 802.1x authentication via AD. It's okay. Now, we would like to
> reject users based on LDAP attribute, WLANStatus. Added attribute in
> dictionary and ldap.attrmap as follow. Where should I put the unlang?
>
> /etc/raddb/dictionary
> ATTRIBUTE My-Local-wlanStatus 3000 string
>
> /etc/raddb/ldap.attrmap
> replyItem My-Local-wlanStatus WLANStatus
>

It's a REPLY item, so this should be:

if (reply:My-Local-wlanStatus == A1) {
   ...
}


More information about the Freeradius-Users mailing list