Class attribute in Reply message
Alan DeKok
aland at deployingradius.com
Tue Oct 3 13:46:17 CEST 2017
On Oct 3, 2017, at 5:23 AM, Umut Arus <umuta at sabanciuniv.edu> wrote:
> I need to reply an deniedServices ldap variable in Class attribute for a
> controller. I added it
> "replyItem Class deniedServices +=" at ldap.attrmap file.
> and sites-available/default file includes it.
That should work.
> But it override the Class
> value to empty.
> update reply {
> Class += "%{Reply-Message}"
> }
Read "man unlang". That sets Class to the contents of the Reply-Message contained in the *request*.
> FreeRADIUS Version 2.2.8
Upgrade.
> Output parts are:
>
> [peap] Setting User-Name to tayfund
> Sending tunneled request
> EAP-Message =
> 0x020900421a0209003d3167738a93d83ed76e5251bbbaa183542f0000000000000000008955f2389888dbc3771d940bc5c9ade688b2ec3b08e4f80074617966756e64
EAP makes everything harder. You can't get get Class from LDAP in packet 3, and expect the same Class to be there in later packets.
Upgrade to 3.0.15, and this will be MUCH easier to configure.
Alan DeKok.
More information about the Freeradius-Users
mailing list