Reject users based on LDAP attribute
Luo, Frank Y.F. Mr.
luoy at muohio.edu
Thu May 17 15:56:20 CEST 2012
I have a similar situation.
$ sudo grep Profile dictionary
ATTRIBUTE Profile 3000 string
$ sudo grep Profile ldap.attrmap
replyItem Profile VPN
$ more default
.....
post-auth {
    if (Profile == g1) {
        update reply {
            class = "ou=g1;"
        }
    }
But in the log
# Executing section post-auth from file /opt/freeradius/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++? if (Profile == g1)
(Attribute Profile was not found)
? Evaluating (Profile == g1) -> FALSE
++? if (Profile == g1) -> FALSE
I also tried
If (reply:Profile == g1)
Any idea?
Thanks
Frank
On May 17, 2012, at 3:58 AM, C.F. Yeung wrote:
Thanks, it's working.
On Thu, May 17, 2012 at 3:22 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
On 05/17/2012 06:54 AM, C.F. Yeung wrote:
We have 802.1x authentication via AD. It's okay. Now, we would like to
reject users based on LDAP attribute, WLANStatus. Added attribute in
dictionary and ldap.attrmap as follows. Where should I put the unlang?
/etc/raddb/dictionary
ATTRIBUTE My-Local-wlanStatus 3000 string
/etc/raddb/ldap.attrmap
replyItem My-Local-wlanStatus WLANStatus
It's a REPLY item, so this should be:
if (reply:My-Local-wlanStatus == A1) {
...
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
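
Added example, not part of the original thread and not FreeRADIUS project code: the reject rule from the quoted answer written out for FreeRADIUS 2.x so that a missing LDAP attribute denies access. The debug log above shows that a comparison against an attribute that was not found evaluates to FALSE, so a bare "== A1" test lets such users through. Assumptions: the ldap module runs in the authorize section of the same virtual server, and "A1" is the status that must be rejected (the thread does not say what A1 means).

```unlang
# raddb/dictionary (from the thread)
# Numbers in the 3000 range are local attributes, not sent in RADIUS packets.
ATTRIBUTE   My-Local-wlanStatus   3000   string

# raddb/ldap.attrmap (from the thread)
# Copies the LDAP attribute WLANStatus into the reply list.
replyItem   My-Local-wlanStatus   WLANStatus

# raddb/sites-enabled/default
authorize {
    # Other modules in this section stay as they are.
    # ldap must run before the checks so the reply item exists.
    ldap

    # Fail closed: the LDAP entry has no WLANStatus, so the reply item
    # was never created. Without this test the user would fall through.
    if (!reply:My-Local-wlanStatus) {
        reject
    }

    # Assumption: A1 marks an account that may not use the WLAN.
    # The "reply:" prefix is required because ldap.attrmap declares
    # the attribute as a replyItem.
    if (reply:My-Local-wlanStatus == "A1") {
        reject
    }
}
```

Running the server in debug mode should show both conditions being evaluated against the reply list; an "Attribute ... was not found" line on the first test now ends in a reject instead of a silent FALSE.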