Referencing LDAP/AD attributes in post-auth section
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Aug 3 18:51:28 CEST 2016
>
> (10) post-auth {
> (10) if ( "%{reply:macAddress}" == "%{Calling-Station-Id}" ) {
> (10) EXPAND %{reply:macAddress}
> (10) -->
> (10) EXPAND %{Calling-Station-Id}
> (10) --> 13-59-F3-A3-94-00
> (10) if ( "%{reply:macAddress}" == "%{Calling-Station-Id}" ) -> FALSE
>
>
>
> So the variable "reply:macAddress" couldn't correctly expanded.
Because you retrieved the value in request 2, and are using it in request 10.
> I'm using FreeRADIUS Version 3.0.12.
The reply list is request specific, it doesn't carry between requests.
You need to use the session-state list if you're doing EAP and want to build up a list of attributes for authorization.
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160803/0f2effae/attachment.sig>
More information about the Freeradius-Users
mailing list