Greetings to all, I am trying to accomplish the following setup:
- have freeradius query an ldap server to get the usual user entry with one check and a few reply attributes - have after that a users file, that based on the check attribute obtained before by the ldap module make some processing (eg add a few common reply attributes) This is actually a "grouping" functionallity and I can accomplish what I want using the Ldap-Group attribute, BUT I want to avoid the extra ldap queries. So for example I have: LDAP ---------- # kzorba, people, company.gr dn: uid=kzorba1,ou=people,dc=company,dc=gr objectClass: XXX objectClass: YYY radiusProfile: FOO_STATIC Framed-IP-Address: 62.103.131.9 userPassword: XXXXXXX sn: ZORBADELOS uid: kzorba ... ldap.attrmap -------------- checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem checkItem Ascend-Group radiusProfile replyItem Framed-IP-Address Framed-IP-Address replyItem Framed-Route Framed-Route replyItem Filter-Id Filter-Id And I want to have a users file that looks like this: DEFAULT Ascend-Group =~ "STATIC" Reply-Message = "Your account is Static." Having the following authorize section in default authorize { preprocess chap mschap ldap { notfound = reject } files pap } The checks fail. I looked at the source code and from what I understood the ldap module puts all check items in the so called control (or check list), while rlm_file makes checks in the request list So I figured that doing an unlang update request would solve the problem. authorize { preprocess chap mschap ldap { notfound = reject } update request { Group = "%{control:Ascend-Group}" } files pap } And in users file have a DEFAULT Group =~ "STATIC" Reply-Message = "Your account is Static." However this also did not work. Any help as to what am I missing here? Thanks, Kostas Zorbadelos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html