Using NAS-Identifier with login criteria
Brian Boere
brian.boere at netwize.ca
Sun Apr 12 15:15:12 CEST 2015
Thanks for the feedback, Alan.
What is the benefit of the change to the Ldap-Group line?
For the line in the sites-available/default, I had seen an example when I was trying to figure this out that had this in it.
I will remove it.
The version that I am using was installed from YAST2 on a SLES11 machine. I applied all of the updates through YAST and figured it was up to date. What is the best process to upgrade to 2.2.6?
I appreciate your input.
Brian
>>> Alan DeKok <aland at deployingradius.com> 4/12/2015 08:54 AM >>>
On Apr 11, 2015, at 9:15 PM, Brian Boere <brian.boere at netwize.ca> wrote:
> What I have done is:
>
> created an area called "my_policy" in the policy.conf file and added the following:
>
> if (NAS-Identifier =~ /Rad_test2/) {
>     if ( Ldap-Group != "cn=Corporate Wireless Network,ou=ou,o=org" ) {

For various reasons you'll have to do:

if (!(Ldap-Group == "cn=Corporate Wireless Network,ou=ou,o=org" )) {

That will work better.

>         reject
>     }
> }
>
> In the /sites-available/default file:
> under authorize:
>
> update request {
>     NAS-Identifier = "%{NAS-Identifier}"
> }

Huh? That does nothing useful. Why do you think that's necessary?
> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Feb 28 2014 at 23:17:30
And why 2.1.1? That's almost 7 years old. Use 2.2.6.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html