Hi,

I've successfully set up FreeRADIUS and so far it is doing what I want - 
checking realms and prefixes and using a postgres database backend. ;)

Now I want to implement a check that verifies whether a user authenticating with 
10...@realma.com is also in the group "realmA" and rejects the request if this 
is not the case. This way I want to implement a "user X purchased product Y?" check.

Already tried this: Adding in the radusergroup table:
+------------------+-----------+-----------+
| username         | groupname | priority  |
+------------------+-----------+-----------+
| 10...@realma.com | realmA    | 10        |
+------------------+-----------+-----------+

And in the radgroupcheck table:
+----+-----------+-----------+----+------------+
| id | groupname | attribute | op | value      |
+----+-----------+-----------+----+------------+
|  1 | realmA    | Realm     | != | realma.com |
+----+-----------+-----------+----+------------+

And finally in the radgroupreply table:
+----+-----------+---------------+----+-----------------------+
| id | groupname |   attribute   | op | value                 |
+----+-----------+---------------+----+-----------------------+
|  1 | realmA    | Auth-Type     | := | Reject                |
+----+-----------+---------------+----+-----------------------+

And of course, my debug output says:
    rlm_realm: Adding Realm = "~^realmA.com$"

I also tried adding "~^realmA.com$" as value in the radgroupcheck table with no 
success.

I thought I had already understood this concept... but adding "Auth-Type := 
Reject" in the radgroupcheck table works?!

My expression in radgroupcheck also works - I verified this by adding 
"Reply-Message += Is this working?" within radgroupreply and the reply-message 
is added to the response.

If anybody could assist me with this or just give me a hint it'd be great!


Regards,
Robert Borz.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
