We have 802.1x authentication via AD. It's okay. Now, we would like to reject users based on LDAP attribute, WLANStatus. Added attribute in dictionary and ldap.attrmap as follow. Where should I put the unlang?
/etc/raddb/dictionary ATTRIBUTE My-Local-wlanStatus 3000 string /etc/raddb/ldap.attrmap replyItem My-Local-wlanStatus WLANStatus /etc/raddb/sites-available/default authorize { ... ldap if (My-Local-wlanStatus == "A1") { reject } ... } rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=student,o=example.com, with filter (uid=testuser) [ldap] looking for check items in directory... [ldap] looking for reply items in directory... rlm_ldap: WLANStatus -> My-Local-wlanStatus = "A1" WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user testuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++? if (My-Local-wlanStatus == "A1") (Attribute My-Local-wlanStatus was not found)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html