Setting ntlm_auth parameters depending on NAS-IP-Address
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 7 12:05:46 CEST 2014
On 07/05/14 10:03, Antoine Benkemoun wrote:
> Thank you for your answer and sorry for overlooking this.
>
> The syntax that I have added to <RADIUS_ETC_DIR>/sites-enabled/default is the following :
>
> if (NAS-IP-Address == 172.16.2.254) {
> ntlm_group_membership = "S-1-5-21-2281471460-mmmmmm-nnnnnnnnn-1387"
> }
> if (NAS-IP-Address == 172.16.0.200) {
> ntlm_group_membership = "S-1-5-21-2281471460-mmmmmm-nnnnnnnnn-1459"
> }
This is completely wrong. See "man unlang".
You will need to:
1. Define a local attribute in raddb/dictionary
2. Use the correct syntax i.e.
if (...) {
update request {
NTLM-Group-Required := "..."
}
}
More information about the Freeradius-Users
mailing list