Authorizing using LDAP attributes

Clayton Knorr clayton.knorr at nuspire.com
Mon May 9 17:25:58 CEST 2016


OK, I got this to work in my freeradius 2.1.x setup.

I changed the attribute map to a reply item, then in sites-enabled/default I changed my logic to include reply:My-Local-String along with Alan's ldap.authorize.

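        # Run the ldap module's authorize method so the mapped reply item is populated
        ldap.authorize
        # Continue only when both the called station and the LDAP-mapped value match
        if ( Called-Station-Id == "AC-86-74-46-65-91:Peep" && reply:My-Local-String == "A1000" ) {
                noop
        }
        else {
                reject
        }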

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+clayton.knorr=nuspire.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Monday, May 9, 2016 9:58 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Authorizing using LDAP attributes

On May 9, 2016, at 9:29 AM, Clayton Knorr <clayton.knorr at nuspire.com> wrote:
> Adding ldap.authorize to the post-auth section didn't seem to change anything except adding a "++[ldap.authorize] returns ok" to the logs

  Hmm... it should show it adding the attributes.

> Is there a preferred way to do this I can use in version 2.2.x? 

  Upgrade to 3.0.

  Alan DeKok.

