debug User-Profile
MichaelLeung
gbcbooksmj at gmail.com
Fri Mar 18 02:25:05 CET 2016
Any help?
On 03/17/2016 05:31 PM, MichaelLeung wrote:
> Any reply?
>
> On 03/17/2016 03:20 PM, MichaelLeung wrote:
>> Well, I define an ldap-group check policy:
>>
>> #
>> devicemanager_check {
>>     if (Ldap-Group == "DeviceManager") {
>>         update reply {
>>             &User-Profile := "cn=DeviceManager,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com"
>>         }
>>     }
>>     elsif (Ldap-Group == "Device_Write") {
>>         update reply {
>>             &Reply-Message += "Welcome,Device Operator"
>>         }
>>     }
>>     elsif (Ldap-Group == "Device_Reivew") {
>>         update reply {
>>             &Reply-Message += "Welcome Device Reviewer"
>>         }
>>     }
>>     else {
>>         update reply {
>>             &Reply-Message += "you are not authorized to access , please confirm that you have the permission..."
>>         }
>>         reject
>>     }
>> }
>>
>> I am not sure whether the user overrides the User-Profile or not.
>>
>>
>> On 03/17/2016 10:56 AM, MichaelLeung wrote:
>>> Hi list,
>>>
>>> My freeradius version is 3.0.4.
>>>
>>> I have enabled the ldap module and its radius profile feature.
>>>
>>> I need to check that the user is in the specific Ldap-Group, and
>>> assign the User-Profile which contains all the radius Reply-Items.
>>> So when my NAS tries to authenticate, I can only see radius -X
>>> responding:
>>> (0) Sending Access-Accept packet to host 10.1.1.13 port 1812, id=96,
>>> length=0
>>> (0) User-Profile :=
>>> 'cn=Device_Superior,ou=Admin,ou=Group,dc=gd,dc=abc,dc=com'
>>> It was not printing out which reply items the User-Profile
>>> contained.
>>> And actually, I define the reply item as
>>> Huawei-Exec-Privilege := "15"
>>> It will give the highest admin rights to users belonging to the group
>>> Device_Superior to operate the device.
>>>
>>> How can I debug the User-Profile?
>>
>
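
The following is an added example, not part of the original post and not code from the FreeRADIUS project. The comment in the stock `mods-available/ldap` `profile` section says the User-Profile attribute is read from the control list, so this version of the quoted policy sets it there and runs `ldap` afterwards. Assumptions: the policy file name, the `ldap` instance name, the virtual server file, and that the `debug_attr` expansion is available in 3.0.4.

```unlang
# Added example (not the poster's or the project's code).
# policy.d/devicemanager_check -- the file name is an assumption.
devicemanager_check {
	if (Ldap-Group == "DeviceManager") {
		# Select the profile via the control list. A reply:User-Profile
		# is just sent to the NAS, as in the debug output quoted above.
		update control {
			&User-Profile := "cn=DeviceManager,ou=Admin,ou=Group,dc=gd,dc=quantum-info,dc=com"
		}
	}
	elsif (Ldap-Group == "Device_Write") {
		update reply {
			&Reply-Message += "Welcome,Device Operator"
		}
	}
	elsif (Ldap-Group == "Device_Reivew") {
		update reply {
			&Reply-Message += "Welcome Device Reviewer"
		}
	}
	else {
		# Fail closed: users in none of the groups never reach ldap.
		update reply {
			&Reply-Message += "you are not authorized to access , please confirm that you have the permission..."
		}
		reject
	}
}

# sites-enabled/default (assumed virtual server); other authorize
# modules are omitted here.
authorize {
	devicemanager_check

	# The ldap module (instance name assumed to be "ldap") runs after the
	# policy so that it sees control:User-Profile and maps the attributes
	# of that profile object into the request.
	ldap

	# Print the reply list in the radiusd -X output at this point, so the
	# items taken from the profile (e.g. Huawei-Exec-Privilege) are visible.
	# Availability of debug_attr in 3.0.4 is an assumption.
	if ("%{debug_attr:reply:}" == '') {
		noop
	}
}
```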