LDAP Group Default
Albert K
alberk at gmail.com
Sat Nov 19 02:16:01 CET 2016
Hi Alan,
I tried adding this in the Post-Auth of the inner-tunnel but keep getting
the following error. When I comment out the Code below then the radius
(v3.0.11) will run so I am sure that there are no extra braces.
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
/usr/local/etc/raddb/sites-enabled/inner-tunnel[313]: Expecting section
start brace '{' after "{ update"
Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
### Added Code
if(LDAP-Group == "cn=hod,cn=users,dc=smartoptz,dc=com")
{update reply
{
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "30"
}
}
else
{ udpate reply {
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "40"
}
}
On Fri, Nov 18, 2016 at 7:19 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > I want the login user to be authorized according to their user
> > grouping in Microsoft AD and also a catch all default. At the moment I am
> > testing with two DEFAULT. Is it possible to do a Catch all DEFAULT? My
> > example below only catches the non hod group. Any help would be much
> > appreciated. Thank you.
>
> use Unlang and LDAP-Group etc eg in the post-auth phase of inner-tunnel,
> if doing EAP - ensuring
> that the attributes are copied to the outer reply....as per the docs and
> inline comments:
>
> pseudo code:
>
> if (LDAP-Group == "cn=hod,cn=users,dc=smartoptz,dc=com") {
>     update reply {
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = IEEE-802,
>         Tunnel-Private-Group-Id = "30"
>     }
> }
> else {
>     update reply {
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = IEEE-802,
>         Tunnel-Private-Group-Id = "40"
>     }
> }
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
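
A corrected form of the block from the message above, as an added example that is not part of the original thread. It assumes the parse error comes from the opening braces sitting on their own lines (the FreeRADIUS configuration parser expects `{` on the same line as `if`, `else` and `update`), and that the ldap module is already configured so LDAP-Group can be evaluated. It also fixes the `udpate` spelling in the else branch and lists the attributes one per line, the form used in the unlang documentation.

```unlang
# Added example: goes inside the existing post-auth { ... } section of
# sites-enabled/inner-tunnel. Group DN and VLAN IDs are the ones from the thread.

# Members of the hod group get VLAN 30.
# The "{" stays on the same line as the keyword that opens the section.
if (LDAP-Group == "cn=hod,cn=users,dc=smartoptz,dc=com") {
	update reply {
		Tunnel-Type = VLAN
		Tunnel-Medium-Type = IEEE-802
		Tunnel-Private-Group-Id = "30"
	}
}
# Catch-all: every other authenticated user gets VLAN 40.
else {
	update reply {
		Tunnel-Type = VLAN
		Tunnel-Medium-Type = IEEE-802
		Tunnel-Private-Group-Id = "40"
	}
}
```

Starting the server in debug mode (`radiusd -X`) after the change shows whether the file now parses and which branch a test login takes.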