Using NAS-Identifier with login criteria

Alan DeKok aland at deployingradius.com
Sun Apr 12 14:54:37 CEST 2015


On Apr 11, 2015, at 9:15 PM, Brian Boere <brian.boere at netwize.ca> wrote:
> What I have done is:
> 
> created an area called "my_policy" in the policy.conf file and added the following:
> 
> 	if (NAS-Identifier =~ /Rad_test2/) {
> 	     if ( Ldap-Group != "cn=Corporate Wireless Network,ou=ou,o=org" ) {

  For various reasons you'll have to do:

	if (!(Ldap-Group == "cn=Corporate Wireless Network,ou=ou,o=org" )) {

  That will work better.

> 	         reject
> 	     }
> 	}
> 
> In the /sites-available/default file:
> under authorize:
> 
> 	update request {
> 		NAS-Identifier = "%{NAS-Identifier}"
> 	}

  Huh?  That does nothing useful. Why do you think that's necessary?

> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Feb 28 2014 at 23:17:30

  And why 2.1.1?  That's almost 7 years old.  Use 2.2.6.

  Alan DeKok.




More information about the Freeradius-Users mailing list