Using NAS-Identifier with login criteria
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sun Apr 12 15:46:47 CEST 2015
Providing your logic - good
Providing your debug output - good
This all helps. Getting to a working state yourself - good :)
However, I'm not sure that you read the debug output to see what the logic was doing. Or you'd see why you had a strange inverse of the idea (you'd also see that the assigning of the NAS identifier does nothing).
As Alan has already said, the ldap_group comparison operator is rather interesting and you really want to do a classic 'c style' negative check ( if !(ldap_group...... ) )
Would seriously advise looking at upgrading to latest 2.2.x - however if you are building from source and only just getting your current solution into place then look at 3.0.x instead. There are big big changes which may hinder a future migration from 2.x so get 3.0.x into place now., not later
alan
More information about the Freeradius-Users
mailing list