Franks Andy (RLZ) IT Systems Engineer wrote:
> It's working from the rlm_exec module as intended now, not sure what I
> did wrong yesterday.
No idea.
> I tried output_pairs=control in the module but it didn't like it, -
> should that work if =config is v1 stuff?
It should, I guess.
As alw
> That works fine. However I'm still intrigued about why the other
> method fails, and I also presume this method doesn't allow multiple
> attribute types to be updated as per the exec-program-wait script in
> the example documentation?
> Yes
> Maybe it's not supported? Must admit I
Franks Andy (RLZ) IT Systems Engineer wrote:
> That works fine. However I'm still intrigued about why the other
> method fails, and I also presume this method doesn't allow multiple
> attribute types to be updated as per the exec-program-wait script in the
> example documentation?
Yes
> Maybe
lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of Alan DeKok
Sent: 02 August 2012 17:19
To: FreeRadius users mailing list
Subject: Re: Tricky problem with ldap and primary groups in AD
Franks Andy (RLZ) IT Systems Engineer wrote:
> and am assi
Franks Andy (RLZ) IT Systems Engineer wrote:
> and am assigning the Reply-Message attribute the value that should be
> returned from the script using
>
> update reply {
> Reply-Message := "%{control:My-Local-Integer}"
> }
You can just do:
update reply {
Reply-Message := `/path/t
Hi,
I've got another query to do with this issue.
I'm trying to follow up running an external script that could feasibly
update a control value within freeradius.
It's working fine to push the variable outwards, and recording that
passed variable to a file using the bash redirect >> , however I'v
On 02/08/12 14:18, Franks Andy (RLZ) IT Systems Engineer wrote:
>Correct. You can however check them in "unlang"
>
>authorize {
> ...
> ldap
> if (Ldap-Group == mygroup) {
> # they're a member via memberof
> ...
On 08/01/2012 10:52 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
> user on a specific client machine. The Ldap-Group doesn't see the
> primary group as it's set to do a"memberof" lookup. Other groups are
> seen fine.
>Yes. Sadly this is an AD-specific behaviour, and there's no way
t
On 08/01/2012 10:52 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
user on a specific client machine. The Ldap-Group doesn’t see the
primary group as it’s set to do a“memberof” lookup. Other groups are
seen fine.
Yes. Sadly this is an AD-specific behaviour, and there's no way to
change it.
Franks Andy (RLZ) IT Systems Engineer wrote:
> 2) Check the primarygroupid attribute out by mapping it using
> ldap.attrmap and attributes in the dictionary file, but then as far as I
> can tell I can’t use these as checkitems within the users file.
So? See "man unlang". You can write pol
Hi All,
I've been searching for half the day and can't find an answer for a
question I have. I'm new to freeradius and so far am finding it a
rewarding challenge.
I have freeradius 2.1.10 up and running, querying AD via ldap and
authenticating with ntlm_auth fine.
I'm using Ldap-Group checks with
11 matches
Mail list logo
