VLan affect based on ldap attribute freeradius v3
Matthew Newton
mcn at freeradius.org
Thu Aug 30 23:12:54 CEST 2018
On Thu, 2018-08-30 at 22:55 +0200, jehan procaccia int wrote:
> I did that , but still fails with now the error :
>
> (30) if (( &reply:User-Category == "employee") || (&reply:User-
> Category == "faculty") || (&reply:User-Category == "staff" ) ||
> (&reply:User-Category == "researcher") || (&reply:User-Category ==
> "member")) {
> (30) ERROR: Failed retrieving values required to evaluate
> condition
> (30) elsif ( (&reply:User-Category == "student" ) ||
> (&reply:User-Category == "affiliate") ) {
> (30) ERROR: Failed retrieving values required to evaluate
> condition
> (30) else {
> (30) update reply {
> (30) Tunnel-Private-Group-Id := 902
So put
debug_reply
above that line and see if the attribute has been set there.
> then it is still not clear wether my attribute is named User-Category
> or UserCategory (without "-") !?
Look in the dictionary. It is "User-Category".
> and what's the difference between reply and &reply ?
&reply says to use the attribute value. In v2 you didn't need to say
that. You should in v3 to save ambiguity.
> /etc/raddb/sites-enabled/../vlanaffect.conf[3]: Unknown attribute
> 'UserCategory'
Because it's User-Category.
> in mods-available/ldap I have the following mapping
>
> ldap prod {
> update {
> reply:User-Category +=
> 'eduPersonPrimaryAffiliation'
>
> should (can ?) I rename :User-Category to :UserCategory here ?
No
> > > is there a way to print the value of the an attribute to check
> > > it's
> > > *name* and*value* ?
> >
> > debug_reply
> where do you set that ? I do see in policy.d/debug
Where you need to find out what the reply list contains. As above.
> I use eduroam with peap mschapv2 (inner-tunnel) , maybe different
> radius packets are involved, it would be in my vlanaffec script that
> I would change reply with session-state ?
Change all reply:User-Category to session-state:User-Category.
But find out whether it's set or not first.
--
Matthew
More information about the Freeradius-Users
mailing list