On 2 Jul 2013, at 07:18, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote: > >> If a user is not in the secret group, then their login should fail if >> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request. > > This is pretty easy: > > authorize { > ... > if (Vendor-3076-Attr-146 == 0x554d44) { > if (SQL-Group == secret) { > noop > } > else { > reject > } > } > ... > } Actually no. Undefined attributes should not be modified or evaluated. You'll need to find the proper definition for the attribute and add a new dictionary entry. Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html