LDAP group check not working with SQL expansion

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Jul 24 23:35:16 CEST 2017

> I'm using FreeRADIUS Version 3.0.12.
> I'm doing EAP-TTLS/PAP and I have the following policy in the
> authorize section of the inner tunnel virtual server (same behaviour
> when it's in post-auth):

That's an odd one, feel free to open a GitHub issue.

For a quick workaround, you may be able to copy the value of the expansion to a temporary attribute and use that.


update request {
	Tmp-String-0 := "%{sql:SELECT group_name FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}"

if (LDAP-Group == &Tmp-String-0) {
	update reply {
		Tunnel-Private-Group-Id := "%{sql:SELECT vlan_id FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}"
		Tunnel-Type := VLAN
		Tunnel-Medium-Type := IEEE-802

Let me know if it works.  May give some insight as to what's going on.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170724/e44944c3/attachment.sig>

More information about the Freeradius-Users mailing list