post-auth | ldap-group | huntgroup

Alan DeKok aland at deployingradius.com
Fri Feb 5 13:55:55 CET 2021


On Feb 5, 2021, at 3:10 AM, Markus Demmert (BESITEC-DEHAM) <MDemmert at besitec.com> wrote:
> 
> I have problems to get this running:
> ------------------------------------------------------------------------------------------
> if (Huntgroup-Name == "cisco-group") {
> 	if (Ldap-Group == "Group_Network_Device_RW") {
>        		update reply {
> 			cisco-avpair = "shell:priv-lvl=15"
> 			}
> 		}
> 	}	
> 	else {
> 		reject
> 	}
> -----------------------------------------------------------------------------------------
> I get this debug output:
> -----------------------------------------------------------------------------------------
> (0)     [ldap] = ok
> (0)   } # Auth-Type LDAP = ok
> (0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/ldap-network
> (0)   post-auth {
> (0)     if (Huntgroup-Name == "cisco-group") {
> (0)     ERROR: Failed retrieving values required to evaluate condition
> (0)     else {
> (0)       [reject] = reject
> -----------------------------------------------------------------------------------------
> When I remove the huntgroup line it is working and I can authenticate against a network device. But in combination with the huntgroup I get this error. 

  So... where is the the Huntrgoup-Name coming from?

> What I am doing wrong? Can someone point me in the right direction. 

  Posting the *full* debug output as suggested in *all* the documentation would be a good first step.

  Alan DeKok.





More information about the Freeradius-Users mailing list