With version 1.1.7 I want to achieve the following, which is probably
easy in 2.0:
In the authorize section I have an ldap module and an sql module sp1.
group {
ldap1
sp1
}
I want to get an attribute from AD and use the value of that attribute
in a later call to a database
radiusd -AX shows:
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding mobile as Huntgroup-Name == "VL-SBS-AD02-0001"
rlm_ldap: looking for reply items in directory...
rlm_ldap: user host/28tef003.ww006.company.net authorized to use remote
access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 1
radius_xlat: 'host/28tef003.ww006.company.net'
rlm_sql (sp1): sql_set_user escaped user -->
'host/28tef003.ww006.company.net'
radius_xlat: 'call firstif ('0','host/28tef003.ww006.company.net','',
'1.2.3.4','=','2')'
Retrieving an attribute from AD obviously works.
In sql.conf I have changed authorize_check_query to use a stored procedure:
sql.conf:
authorize_check_query = "call firstif
('0','%{SQL-User-Name}','%{Huntgroup-Name}', '%{NAS-IP-Address}','=','2')"
I would have expected the %{Huntgroup-Name} to be "VL-SBS-AD02-0001",
but this is not true.
Is the desired assignment possible at all in 1.1.7 ?
Norbert Wegener
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
