Referencing LDAP/AD attributes in post-auth section

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Aug 3 18:51:28 CEST 2016


> 
> (10)   post-auth {
> (10)     if ( "%{reply:macAddress}" == "%{Calling-Station-Id}" ) {
> (10)     EXPAND %{reply:macAddress}
> (10)        -->
> (10)     EXPAND %{Calling-Station-Id}
> (10)        --> 13-59-F3-A3-94-00
> (10)     if ( "%{reply:macAddress}" == "%{Calling-Station-Id}" )  -> FALSE
> 
> 
> 
> So the variable "reply:macAddress" couldn't correctly expanded.

Because you retrieved the value in request 2, and are using it in request 10.

> I'm using FreeRADIUS Version 3.0.12.

The reply list is request specific, it doesn't carry between requests.

You need to use the session-state list if you're doing EAP and want to build up a list of attributes for authorization.

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160803/0f2effae/attachment.sig>


More information about the Freeradius-Users mailing list