Franks Andy (RLZ) IT Systems Engineer wrote:
> It's working from the rlm_exec module as intended now, not sure what I
> did wrong yesterday.
No idea.
> I tried output_pairs=control in the module but it didn't like it, -
> should that work if =config is v1 stuff?
It should, I guess.
As alw
> That works fine. However I'm still intrigued about why the other
> method fails, and I also presume this method doesn't allow multiple
> attribute types to be updated as per the exec-program-wait script in
> the example documentation?
> Yes
> Maybe it's not supported? Must admit I
Franks Andy (RLZ) IT Systems Engineer wrote:
> That works fine. However I'm still intrigued about why the other
> method fails, and I also presume this method doesn't allow multiple
> attribute types to be updated as per the exec-program-wait script in the
> example documentation?
Yes
> Maybe
lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: 02 August 2012 17:19
To: FreeRadius users mailing list
Subject: Re: Tricky problem with ldap and primary groups in AD
Franks Andy (RLZ) IT Systems Engineer wrote:
> and am assi
Franks Andy (RLZ) IT Systems Engineer wrote:
> and am assigning the Reply-Message attribute the value that should be
> returned from the script using
>
> update reply {
> Reply-Message := "%{control:My-Local-Integer}"
> }
You can just do:
update reply {
Reply-Message := `/path/t
Hi,
I've got another query to do with this issue.
I'm trying to follow up running an external script that could feasibly
update a control value within freeradius.
It's working fine to push the variable outwards, and recording that
passed variable to a file using the bash redirect >> , however I'v
On 02/08/12 14:18, Franks Andy (RLZ) IT Systems Engineer wrote:
>Correct. You can however check them in "unlang"
>
>authorize {
> ...
> ldap
> if (Ldap-Group == mygroup) {
> # they're a member via memberof
> ...
On 08/01/2012 10:52 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
> user on a specific client machine. The Ldap-Group doesn't see the
> primary group as it's set to do a"memberof" lookup. Other groups are
> seen fine.
>Yes. Sadly this is an AD-specific behaviour, and there's no way
t
On 08/01/2012 10:52 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
user on a specific client machine. The Ldap-Group doesn’t see the
primary group as it’s set to do a“memberof” lookup. Other groups are
seen fine.
Yes. Sadly this is an AD-specific behaviour, and there's no way to
change it.
Franks Andy (RLZ) IT Systems Engineer wrote:
> 2) Check the primarygroupid attribute out by mapping it using
> ldap.attrmap and attributes in the dictionary file, but then as far as I
> can tell I can’t use these as checkitems within the users file.
So? See "man unlang". You can write pol
10 matches
Mail list logo