On 2 Jul 2013, at 07:41, Arran Cudbard-Bell <a.cudba...@freeradius.org> wrote:
> > On 2 Jul 2013, at 07:18, Phil Mayers <p.may...@imperial.ac.uk> wrote: > >> On 07/02/2013 02:30 AM, Matt Zagrabelny wrote: >> >>> If a user is not in the secret group, then their login should fail if >>> the Vendor-3076-Attr-146 = 0x554d44 pair is in the request. >> >> This is pretty easy: >> >> authorize { >> ... >> if (Vendor-3076-Attr-146 == 0x554d44) { >> if (SQL-Group == secret) { >> noop >> } >> else { >> reject >> } >> } >> ... >> } > > Actually no. Undefined attributes should not be modified or evaluated. You'll > need to find the proper definition for the attribute and add a new dictionary > entry. This may work for 2.x.x but definitely wont't work for 3.0 which uses direct DICT_ATTR pointer comparisons in some places (instead of comparing vendor/attribute number). Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html