Augusto G. Andreollo wrote: > I have the need to log the return code from the LDAP authentication to > our database (I'm adding it to the postauth table scheme).
I wouldn't suggest doing that for EVERY packet. Why do you think it's necessary? > I've already modified the database scheme (ok), the attribute map, to > create a new attribute called "reason" (ok) and the insert queries (ok). > All of this is working fine, including the complete authentication, all > the way thru Access-Accept and Accounting. > > My problem now is getting the return code into the variable, according > to the LDAP module results. It looks like it's working. What's the problem? > (and then it goes on to successfuly add the string "rejected" to the > database. Again, that part is working smoothly). So... what's the problem? > My second attempt was with a switch statement, as follows: > > authenticate { > Auth-Type LDAP { > redundant { > ldap1 > ldap2 > } > > switch "%{control:rcode}" { Umm... there is no "control:rcode" attribute. > expand: %{control:rcode} -> > ++- entering switch %{control:rcode} {...} > +++- entering case {...} See? No "control:rcode". > (to save room, i've already tried encasing the case options in quotes, > as 'rejected', 'ok', etc.. that gives me the exact same results. So does > putting it on double quotes, as "ok", "rejected", etc..) > > So, any ideas? Use the first method, not the second. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html