[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Active directory integration and grant access base on AD group membership
From:       Luc Paulin <paulinster () gmail ! com>
Date:       2017-02-15 17:35:51
Message-ID: CA+Dp=BGdpjuEWOcKBWDFCXeH6kgR4oCzDxtcrLDD2-RvvN2m+Q () mail ! gmail ! com
[Download RAW message or body]

Thank you, that work .. Thanx!

I'll definately look at upgrading to v3. I did notice that my version was
so old. I just took the one our the centos6's repo .


  -Luc


--
                         !!!!!
                       ( o o )
 --------------oOO----(_)----OOo--------------
   Luc Paulin
   email: paulinster(at)gmail.com
   Skype: paulinster


2017-02-15 12:21 GMT-05:00 Alan DeKok <aland@deployingradius.com>:

> On Feb 15, 2017, at 12:15 PM, Luc Paulin <paulinster@gmail.com> wrote:
> >
> > Ok thanx for your reply .. I think that I now start to better understand
> > how the this work..  So policies need/can be written within the auth so
> we
> > can reject request base on the person's group membership and huntgroup ..
> >
> > So base on this I made this simple switch case that I added to the
> > authorize section after the ldap module
>
>   OK.
>
> > However when I test I dont seem to be getting the expecting result.
> >
> > ++[pap] = noop
>
>   You're running version 2.  Ugh.  Why not upgrade to a version of the
> server which was released in the last 5 years?
>
> > Look like the Ldap-Group did found that the user is member of the
> > devopsuser group, which is correct, however, when I do the negative
> compare
> > (!=) it also return true.  I have also tried with "=="  got the exact
> same
> > result,
>
>   In v2, you have to do:
>
>         if (!(LDAP-Group == "foo")) {
>
>   This is fixed in v3.  There are a LOT of good reasons for upgrading to
> v3.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]