Using NAS-Identifier with login criteria
Alan DeKok
aland at deployingradius.com
Sun Apr 12 14:54:37 CEST 2015
On Apr 11, 2015, at 9:15 PM, Brian Boere <brian.boere at netwize.ca> wrote:
> What I have done is:
>
> created an area called "my_policy" in the policy.conf file and added the following:
>
> if (NAS-Identifier =~ /Rad_test2/) {
> if ( Ldap-Group != "cn=Corporate Wireless Network,ou=ou,o=org" ) {
For various reasons you'll have to do:
if (!(Ldap-Group == "cn=Corporate Wireless Network,ou=ou,o=org" )) {
That will work better.
> reject
> }
> }
>
> In the /sites-available/default file:
> under authorize:
>
> update request {
> NAS-Identifier = "%{NAS-Identifier}"
> }
Huh? That does nothing useful. Why do you think that's necessary?
> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Feb 28 2014 at 23:17:30
And why 2.1.1? That's almost 7 years old. Use 2.2.6.
Alan DeKok.
More information about the Freeradius-Users
mailing list