substring matching problem : is there a length limit?
Alan DeKok
aland at deployingradius.com
Wed Sep 6 15:29:30 CEST 2017
On Sep 6, 2017, at 8:48 AM, $witch <a.spinella at fidus.it> wrote:
> have a working installation of FreeRADIUS Version 3.0.15 that "look for AD group matching" to distinguish allowed users per NAS.
That's good...
> shortly, having proof that it is working for many but not all workers have observed that in working case
>
> ...........
> (2) } # Auth-Type ntlm_auth = ok
> (2) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
> (2) post-auth {
> (2) if (`/bin/sh /usr/local/etc/raddb/getwingrp.sh
Why not just use the features that come with the server? It supports querying AD for group membership via LDAP-Group:
    if (LDAP-Group == "admin") {
        ... do stuff ...
    }
The LDAP group checks are even cached, so it doesn't hit AD every time you do the group comparison.
> so, it seems that 1115 is outside some limit (I guess 1024) but am not aware IF and WHERE can I expand it.
I wouldn't recommend that.
Instead, please explain what that script does, and why you need it to return almost 100 groups. I'm willing to bet that you can re-implement that functionality in FreeRADIUS.
Alan DeKok.
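
Added example (not part of the message above and not taken from the FreeRADIUS distribution): a per-NAS group check written with LDAP-Group, in place of running a shell script from post-auth and substring-matching its output. The NAS identifiers and group names are constructed, and it assumes the ldap module is enabled and configured for group membership lookups against the AD server.

```unlang
post-auth {
	# Constructed NAS identifier and group names, for illustration only.
	if (&NAS-Identifier == "vpn-gw-1") {
		# Exact group comparison done by the server: no shell is run,
		# and there is no long string of group names to search through.
		if (!(LDAP-Group == "vpn-users")) {
			update reply {
				&Reply-Message := "Not authorized for this NAS"
			}
			reject
		}
	}
	elsif (&NAS-Identifier == "core-switch-1") {
		if (!(LDAP-Group == "network-admins")) {
			reject
		}
	}
}
```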