Referencing LDAP/AD attributes in post-auth section
Stefano Pardini
stefanopardini at gmail.com
Thu Aug 4 09:21:30 CEST 2016
It works!
Thank you very much!
2016-08-03 18:51 GMT+02:00 Arran Cudbard-Bell <a.cudbardb at freeradius.org>:
>>
>> (10) post-auth {
>> (10) if ( "%{reply:macAddress}" == "%{Calling-Station-Id}" ) {
>> (10) EXPAND %{reply:macAddress}
>> (10) -->
>> (10) EXPAND %{Calling-Station-Id}
>> (10) --> 13-59-F3-A3-94-00
>> (10) if ( "%{reply:macAddress}" == "%{Calling-Station-Id}" ) -> FALSE
>>
>>
>>
>> So the variable "reply:macAddress" couldn't correctly expanded.
>
> Because you retrieved the value in request 2, and are using it in request 10.
>
>> I'm using FreeRADIUS Version 3.0.12.
>
> The reply list is request specific, it doesn't carry between requests.
>
> You need to use the session-state list if you're doing EAP and want to build up a list of attributes for authorization.
>
> -Arran
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list