Reject users based on LDAP attribute

C.F. Yeung yeungcf at gmail.com
Thu May 17 09:58:43 CEST 2012


Thanks, it's working.

On Thu, May 17, 2012 at 3:22 PM, Phil Mayers <p.mayers at imperial.ac.uk>wrote:

> On 05/17/2012 06:54 AM, C.F. Yeung wrote:
>
>> We have 802.1x authentication via AD. It's okay. Now, we would like to
>> reject users based on LDAP attribute, WLANStatus. Added attribute in
>> dictionary and ldap.attrmap as follow. Where should I put the unlang?
>>
>> /etc/raddb/dictionary
>> ATTRIBUTE My-Local-wlanStatus 3000 string
>>
>> /etc/raddb/ldap.attrmap
>> replyItem My-Local-wlanStatus WLANStatus
>>
>>
> It's a REPLY item, so this should be:
>
> if (reply:My-Local-wlanStatus == A1) {
>  ...
> }
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120517/d4071e43/attachment.html>


More information about the Freeradius-Users mailing list