I surely misunderstand something : in my test : User is found on ldap in group wireless, but (Ldap-Group != "wireless") evaluates to TRUE ... NOTE : user has multiple radiusgroupname
+- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++? if (Ldap-Group != "wireless") [ldap] Entering ldap_groupcmp() expand: dc=corp,dc=carrefour,dc=com -> dc=corp,dc=carrefour,dc=com expand: %{Stripped-User-Name} -> ... expanding second conditional expand: %{User-Name} -> stephane_deroch expand: (&(uid= %{%{Stripped-User-Name}:-%{User-Name}})(objectclass=radiusProfile)) -> (&(uid=stephane_deroch)(objectclass=radiusProfile)) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=corp,dc=carrefour,dc=com, with filter (&(radiusGroupName=wireless)(&(uid=stephane_deroch)(objectclass=radiusProfile))) rlm_ldap::ldap_groupcmp: User found in group wireless [ldap] ldap_release_conn: Release Id: 0 ? Evaluating (Ldap-Group != "wireless") -> TRUE ++? if (Ldap-Group != "wireless") -> TRUE ++- entering if (Ldap-Group != "wireless") {...} +++[control] returns noop +++[reject] returns reject ++- if (Ldap-Group != "wireless") returns reject } # server inner-tunnel [peap] Got tunneled reply code 3 Le mardi 01 juin 2010 à 15:23 +0200, Alan DeKok a écrit : > Fred MAISON wrote: > > How can i make checks on ldap radiusgroupnale without using the user > > file ? > > Use attribute comparisons just like the "users" file. > > > I have not been able to place somthing like this in the post-auth > > section of inner-tunnel ... > > if ( "%{control:Ldap-Group}" == "wireless" ) { > > This isn't like the "users" file. > > if (LDAP-Group == "wireless") { > ... > } > > The extra "${control:...}" text isn't necessary. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html