diff options
author | jim-p <jimp@pfsense.org> | 2015-08-12 12:20:10 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-08-12 12:20:10 -0400 |
commit | c4a9f99a8d79e201b2af5053a095c83bb1a26467 (patch) | |
tree | 204e9cd435cc8a192e5a8e5f2b92ccc98bbb7dd1 /etc/inc/authgui.inc | |
parent | c0d5c1435ee8f90d1ee62f5fb4a4fac48aacda77 (diff) | |
download | pfsense-c4a9f99a8d79e201b2af5053a095c83bb1a26467.zip pfsense-c4a9f99a8d79e201b2af5053a095c83bb1a26467.tar.gz |
Fix GUI auth from RADIUS to grab group names from the Class attribute. Implements #935
The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
Diffstat (limited to 'etc/inc/authgui.inc')
-rw-r--r-- | etc/inc/authgui.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 2c4aea0..07cf9a9 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -54,7 +54,7 @@ if (!session_auth()) { * We give them access only to the appropriate pages based on * the user or group privileges. */ -$allowedpages = getAllowedPages($_SESSION['Username']); +$allowedpages = getAllowedPages($_SESSION['Username'], $_SESSION['user_radius_attributes']); /* * redirect to first allowed page if requesting a wrong url |