Question on Unlang
Brian Candler
b.candler at pobox.com
Wed Mar 29 17:13:38 CEST 2017
On 29/03/2017 15:29, Olivier CALVANO wrote:
> thanks, i think's that files modules is the solution because we have
> actually 40 domains and in may we add 150 new domain without sub-subdomains
>
> a question because i have tested but that's don't work. i have:
>
> added in /etc/raddb/modules/subrealm:
>
> files subrealm {
> key = "%{Realm}"
> filename = ${confdir}/Liste-des-Sous-Realm
> }
>
>
> in /etc/raddb/Liste-des-Sous-Realm, i have:
> network.local Tmp-String-0 := "Excluded"
> admin.local Tmp-String-0 := "Excluded"
> wifi.local Tmp-String-0 := "Excluded"
>
> in my /etc/raddb/policy.d/my.conf:
>
> if ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') && (User-Name =~
> /\\.local/) && (&control:Tmp-String-0 != "Excluded") &&
> ("%{Packet-Src-IP-Address}" == "192.168.20.1")) {
> update reply {
> <...>
> }
> }
> elsif ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') &&
> (&control:Tmp-String-0 != "Excluded") && ("%{Packet-Src-IP-Address}" ==
> "192.168.50.1")) {
> update reply {
> <...>
> }
> }
>
>
> and when i am connect with @network.local, all time i have:
> ?? Evaluating (&control:Tmp-String-0 != "Excluded") -> TRUE
You need to invoke the 'subrealm' module somewhere in your authorize {}
section. Then your freeradius -X output should show it being invoked,
and whether it found the realm in there.
Regards,
Brian.
More information about the Freeradius-Users
mailing list