Hi Alan
but I have not been able to see a working example using ldap,
if (NAS-Identifier == "%{ldap: ... ldap stuff ... }") {
thinking at the %{sql:SELECT ...} example I tough I syntax almost
like this
if (NAS-Identifier ==
"ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local
(eckAllowedServices)" ) {
You didn't use the same form as the SQL example. The brackets have
*meaning*: %{}
if (NAS-Identifier == {ldap:cn=%{User-
Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)} ) {
ok
}
when start radiusd in debug mode I got:
Expected string or numbers at: ldap:cn=%{User-
Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)} )
/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
is for that reason I did not use brackets - I got a syntax error, so I
tought it was wrong to use them in this way
if I modify to the following in
if (NAS-Identifier == "{ldap:cn=%{User-
Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" ) {
ok
}
radiusd starts well, but when tring to authenticate I got the
following message:
++? if (NAS-Identifier == "{ldap:cn=%{User-
Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" )
expand: {ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local
(eckAllowedServices)} ->
{ldap:cn=testuser,ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}
? Evaluating (NAS-Identifier == "{ldap:cn=%{User-
Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" ) -> FALSE
++? if (NAS-Identifier == "{ldap:cn=%{User-
Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" ) -> FALSE
++- entering else else {...}
+++[reject] returns reject
++- else else returns reject
Using Post-Auth-Type Reject
%{User-Name} is expanded right, ... is my syntax that is certainly
wrong so that unlang see is just like a string to compare
Alan, ... why you don't just provide a working example - I'm working
on a GPL'ed app - ECK, if you give a look to sourceforge you can find
it - and now are almost two years I spent many of my nights - I have
to work during the day - and part of my weekends in a project that I
think somebody could find usefull. Maybe one day many people will use
it to build their base system and simply do not write to this list
asking ho to have freeradius working with PAM, LDAP and so on because
thanks to ECK they'll got a working environment in less than an hour.
Maybe they'll stress you just on how to improve it
you work on freeradius because you belive in your project, I work on
mine because I belive in mine. I belive in your project and put it
into mine. We both work without beeing paid by anybody, just for passion
Now I'm at the final race, ... I really do not understand why you
cannot provide just an example - maybe I am a stupid, but I re-read
more times unlang manual without beeing able to figure the right syntax
Marco
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
