Matching multiple LDAP-groups during post-auth
Chris Wopat
me at falz.net
Tue Apr 6 16:35:52 CEST 2021
On Wed, Mar 31, 2021 at 7:34 AM Alan DeKok <aland at deployingradius.com> wrote:
> if network 1 ...
> ...
> else {
> update reply {
> Local-Reject-Check += "No matching network"
> }
> }
>
> if optical 1 ...
> ...
> else {
> update reply {
> Local-Reject-Check += "No matching optical"
> }
> }
>
> if (&reply:Local-Reject-Check) {
> reject
> }
>
> And that should do it.
Thanks for the sample config. Just chiming in to say that this
*mostly* worked, the last item, which appears to be checking the
existence of "Local-Reject-Check" within the reply, didn't work and
I'd always get a reject.
Note I'm on FreeRADIUS 2 still, on my todo list is upgrade to v3, will
plug away at it more when I do that.
--Chris
More information about the Freeradius-Users
mailing list