Génaël VALET wrote:
> I use LDAP groups for EAP-PEAP Authentication in wifi WPA context. For now,
> I used a DEFAULT line in "users" file like this :
>
> DEFAULT ldap_1x-Ldap-Group != "radius" , Auth-Type := Reject
> Reply-Message = "ACCES REFUSE"
>
> I have a LDAP Group named "radius" but I don't know howto permit another one
> LDAP Group
See "unlang". The LDAP group comparison has some oddities,
unfortunately.
authorize {
...
if ((LDAP-Group == X) || (LDAP-Group == Y)) {
# OK
}
else {
update reply {
Reply-Messages := "Access refuse"
}
reject
}
}
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
