post-auth | ldap-group | huntgroup
Alan DeKok
aland at deployingradius.com
Fri Feb 5 13:55:55 CET 2021
On Feb 5, 2021, at 3:10 AM, Markus Demmert (BESITEC-DEHAM) <MDemmert at besitec.com> wrote:
>
> I have problems to get this running:
> ------------------------------------------------------------------------------------------
> if (Huntgroup-Name == "cisco-group") {
> if (Ldap-Group == "Group_Network_Device_RW") {
> update reply {
> cisco-avpair = "shell:priv-lvl=15"
> }
> }
> }
> else {
> reject
> }
> -----------------------------------------------------------------------------------------
> I get this debug output:
> -----------------------------------------------------------------------------------------
> (0) [ldap] = ok
> (0) } # Auth-Type LDAP = ok
> (0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/ldap-network
> (0) post-auth {
> (0) if (Huntgroup-Name == "cisco-group") {
> (0) ERROR: Failed retrieving values required to evaluate condition
> (0) else {
> (0) [reject] = reject
> -----------------------------------------------------------------------------------------
> When I remove the huntgroup line it is working and I can authenticate against a network device. But in combination with the huntgroup I get this error.
So... where is the the Huntrgoup-Name coming from?
> What I am doing wrong? Can someone point me in the right direction.
Posting the *full* debug output as suggested in *all* the documentation would be a good first step.
Alan DeKok.
More information about the Freeradius-Users
mailing list