summaryrefslogtreecommitdiffstats
path: root/usr/local/www/diag_authentication.php
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2015-08-12 12:20:10 -0400
committerjim-p <jimp@pfsense.org>2015-08-12 12:20:10 -0400
commitc4a9f99a8d79e201b2af5053a095c83bb1a26467 (patch)
tree204e9cd435cc8a192e5a8e5f2b92ccc98bbb7dd1 /usr/local/www/diag_authentication.php
parentc0d5c1435ee8f90d1ee62f5fb4a4fac48aacda77 (diff)
downloadpfsense-c4a9f99a8d79e201b2af5053a095c83bb1a26467.zip
pfsense-c4a9f99a8d79e201b2af5053a095c83bb1a26467.tar.gz
Fix GUI auth from RADIUS to grab group names from the Class attribute. Implements #935
The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
Diffstat (limited to 'usr/local/www/diag_authentication.php')
-rw-r--r--usr/local/www/diag_authentication.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php
index de8a43b..d0b81d5 100644
--- a/usr/local/www/diag_authentication.php
+++ b/usr/local/www/diag_authentication.php
@@ -57,9 +57,10 @@ if ($_POST) {
}
if (!$input_errors) {
- if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg)) {
+ $attributes = array();
+ if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg, $attributes)) {
$savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully.");
- $groups = getUserGroups($_POST['username'], $authcfg);
+ $groups = getUserGroups($_POST['username'], $authcfg, $attributes);
$savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />";
foreach ($groups as $group) {
$savemsg .= "{$group} ";
OpenPOWER on IntegriCloud