i have a similar situation $ sudo grep Profile dictionary ATTRIBUTE Profile 3000 string
$ sudo grep Profile ldap.attrmap replyItem Profile VPN $ more default ..... post-auth { if (Profile == g1) { update reply { class = "ou=g1;" } } But in the log # Executing section post-auth from file /opt/freeradius/etc/raddb/sites-enabled/default +- entering group post-auth {...} ++? if (Profile == g1) (Attribute Profile was not found) ? Evaluating (Profile == g1) -> FALSE ++? if (Profile == g1) -> FALSE I also tried If (reply:Profile == g1) Any idea? Thanks Frank On May 17, 2012, at 3:58 AM, C.F. Yeung wrote: Thanks, it's working. On Thu, May 17, 2012 at 3:22 PM, Phil Mayers <p.may...@imperial.ac.uk<mailto:p.may...@imperial.ac.uk>> wrote: On 05/17/2012 06:54 AM, C.F. Yeung wrote: We have 802.1x authentication via AD. It's okay. Now, we would like to reject users based on LDAP attribute, WLANStatus. Added attribute in dictionary and ldap.attrmap as follow. Where should I put the unlang? /etc/raddb/dictionary ATTRIBUTE My-Local-wlanStatus 3000 string /etc/raddb/ldap.attrmap replyItem My-Local-wlanStatus WLANStatus It's a REPLY item, so this should be: if (reply:My-Local-wlanStatus == A1) { ... } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html