diff options
author | jim-p <jimp@pfsense.org> | 2015-08-12 12:20:10 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-08-12 12:20:10 -0400 |
commit | c4a9f99a8d79e201b2af5053a095c83bb1a26467 (patch) | |
tree | 204e9cd435cc8a192e5a8e5f2b92ccc98bbb7dd1 /usr | |
parent | c0d5c1435ee8f90d1ee62f5fb4a4fac48aacda77 (diff) | |
download | pfsense-c4a9f99a8d79e201b2af5053a095c83bb1a26467.zip pfsense-c4a9f99a8d79e201b2af5053a095c83bb1a26467.tar.gz |
Fix GUI auth from RADIUS to grab group names from the Class attribute. Implements #935
The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/diag_authentication.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php index de8a43b..d0b81d5 100644 --- a/usr/local/www/diag_authentication.php +++ b/usr/local/www/diag_authentication.php @@ -57,9 +57,10 @@ if ($_POST) { } if (!$input_errors) { - if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg)) { + $attributes = array(); + if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg, $attributes)) { $savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully."); - $groups = getUserGroups($_POST['username'], $authcfg); + $groups = getUserGroups($_POST['username'], $authcfg, $attributes); $savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />"; foreach ($groups as $group) { $savemsg .= "{$group} "; |