LDAP Groups to Freeradius and then Ruckus Wireless?

Enrique Sainz Baixauli enriquesainz.beca at intef.educacion.es
Wed Jun 11 16:20:06 CEST 2014


>> I am totally unsure what was going on with that Foreach-Variable-# 
>> thing, but it seems to be working fine now. I was following Arran's 
>> advice in [1] to try to minimize calls to ldap when Foreach-Variable-1 
>> was empty all of a sudden, so I switched to Foreach-Variable-0 and 
>> everything started working fine.
>
>  I'm really not sure what that means.  You are aware that
> Foreach-Variable-0 and Foreach-Variable-1 are different, right?
>
>  Foreach-Variable-0 is for the FIRST loop.  Foreach-Variable-1 is for the
second NESTED loop.
>
>  If you use Foreach-Variable-1 inside of one loop, it won't refer to
anything, and it won't exist.
>
>  Alan DeKok.

That's what I mean. I had to use Foreach-Variable-1 (and it worked) but I
wasn't nesting loops. I had only one loop in post-auth, but when
authenticating with EAP-PEAP the group info was in Foreach-Variable-0 and
when I used EAP-TLS it was in Foreach-Variable-1 (and segfaulted if I tried
to access Foreach-Variable-0). Now, after optimizing ldap calls with cache,
it's always in Foreach-Variable-0 (where it should have always been).

If you can make any sense out of it, please explain because I have
absolutely no idea. 



More information about the Freeradius-Users mailing list