I always hate replying to my own problem, but I just figured this out. Turns
out that we're proxying auth to a backend server, which was returning a
garbled Class attribute, therefore *my* Class attribute wasn't being returned.
I configured $confdir/attrs to filter it and it appears to work now.
Still need to test the proxy load patch this afternoon, but I'm one step
closer... ;-)
Alan DeKok wrote:
Geoff Silver <[EMAIL PROTECTED]> wrote:
I have a bunch of users which should have a class attribute returned upon
successful authentication. Their entries look something like:
bob NAS-IP-Address == 172.31.33.66, Hint==HasSlash Auth-Type:=Accept
Class = "OU=MY_CORP", Filter-Id = "SPCCOLO_O",
Split-Tunneling-Policy = 1, Split-Tunnel-List = "SPCCOLO_ST"
What they're actually getting back is:
Packet-Type = Access-Accept
User-Name = "bob"
Class = 0x3739774831423272375053516a71424143444358434979507544493d
Which is '79...'
It works for me, so my guess is that something else in your
configuration is setting Class to that value.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
