diff options
| author | jim-p <jimp@pfsense.org> | 2015-08-12 12:07:15 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-08-12 12:10:46 -0400 |
| commit | 709c2f99f1bf99022ee8ba670cfd8025e2c71592 (patch) | |
| tree | fde3ebe661cc80e526944be6dbebd2fe051b1c24 /usr/local | |
| parent | 24850bca184ba103fad984da638fe7252071d1af (diff) | |
| download | pfsense-709c2f99f1bf99022ee8ba670cfd8025e2c71592.zip pfsense-709c2f99f1bf99022ee8ba670cfd8025e2c71592.tar.gz | |
Fix GUI auth from RADIUS to grab group names from the Class attribute. Implements #935
The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/www/diag_authentication.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php index df68560..704e92a 100644 --- a/usr/local/www/diag_authentication.php +++ b/usr/local/www/diag_authentication.php @@ -55,9 +55,10 @@ if ($_POST) { $input_errors[] = gettext("A username and password must be specified."); if (!$input_errors) { - if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg)) { + $attributes = array(); + if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg, $attributes)) { $savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully."); - $groups = getUserGroups($_POST['username'], $authcfg); + $groups = getUserGroups($_POST['username'], $authcfg, $attributes); $savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />"; foreach ($groups as $group) $savemsg .= "{$group} "; |
