I have the following in my sites-available/default:
authorize {
...
# Allow only NET Staff members to log into BAND and HAPF
if (Ldap-Group == "NET Staff" && (NAS-IP-Address == "192.168.6.5"
|| NAS-IP-Address == "192.168.6.4")) {
update reply {
Passport-Access-Priority = 6
}
}
# Reject everyone else
elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address ==
"192.168.6.4") {
reject = 1
}
...
What I want is to only allow NET Staff members to log in and reject
everyone else who tries to log into these resources. I'm getting the
following in my log:
Tue Mar 13 12:55:32 2012 : Info: ++? elsif (NAS-IP-Address ==
"192.168.6.5" || NAS-IP-Address == "192.168.6.4") -> TRUE
Tue Mar 13 12:55:32 2012 : Info: ++- entering elsif (NAS-IP-Address ==
"192.168.6.5" || NAS-IP-Address == "192.168.6.4") {...}
Tue Mar 13 12:55:32 2012 : Info: +++- elsif (NAS-IP-Address ==
"192.168.6.5" || NAS-IP-Address == "192.168.6.4") returns notfound
Tue Mar 13 12:55:32 2012 : Info: ++- group authorize returns notfound
What is the correct syntax to reject this way?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
