something like huntgroups?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Jul 2 08:52:13 CEST 2013
On 2 Jul 2013, at 07:41, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> On 2 Jul 2013, at 07:18, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
>
>> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote:
>>
>>> If a user is not in the secret group, then their login should fail if
>>> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request.
>>
>> This is pretty easy:
>>
>> authorize {
>> ...
>> if (Vendor-3076-Attr-146 == 0x554d44) {
>> if (SQL-Group == secret) {
>> noop
>> }
>> else {
>> reject
>> }
>> }
>> ...
>> }
>
> Actually no. Undefined attributes should not be modified or evaluated. You'll need to find the proper definition for the attribute and add a new dictionary entry.
This may work for 2.x.x but definitely wont't work for 3.0 which uses direct DICT_ATTR pointer comparisons in some places (instead of comparing vendor/attribute number).
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list