Help with LDAP groupOfNames?

Jason Antman jason at jasonantman.com
Thu Apr 16 22:50:25 CEST 2009


Ivan,

Thank you so much! Perhaps you misunderstood my intention of saying
"relevant portions" of the configs - this isn't *everything* in the
config, just everything related to LDAP.

Regardless, I just removed all of what I'd added to users and added that
construct to authorize{} in my default site, and it seems to be working
perfectly.

I had to change

update control {
	Auth-Type := Accept
}

to "Fall-Through: yes" to get LDAP authentication to work, but other
than that, perfect!

Thanks,
Jason

Ivan Kalik wrote:
>> I can't seem to find anything concrete online for freeradius1 relating to
>> groupOfNames, so I've just been trying random things that I found online
>> (for raddb/users) hoping one would work.
>
>> RELEVANT CONFIGS (only relevant portions, comments removed)
>
>> raddb/sites-enabled/default:
>
>> authorize {
>> 	ldap
>> }
>> authenticate {
>>        Auth-Type LDAP {
>>                  ldap
>>        }
>>
>> }
>
> And did you find any part of the documentation suggesting that you should
> cripple the server and then wonder why it's not working? Or does it say:
> "use default configuration and make only small changes"? Now, go back to the
> default configuration, configure *only* the ldap module, disable ldap
> authentication (without the password in the request it can't work, as is
> clearly stated in the ldap module): set_auth_type = no. Add these unlang
> statements to authorize:
>
> if(Ldap-Group == "WirelessUsers") {
> 	update control {
> 		Auth-Type := Accept
> 	}
> }
> else {
> 	reject
> }
>
> Ivan Kalik
> Kalik Informatika ISP

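Added example, not part of the original messages or the FreeRADIUS distribution: a variant of the group check discussed in this thread that uses Ldap-Group only as a gate and leaves Auth-Type alone, so group members still have their password verified by an LDAP bind (Auth-Type := Accept accepts the request without any password check). It assumes FreeRADIUS 2.x unlang, requests that carry a User-Password (PAP), set_auth_type = yes in the ldap module, and the "WirelessUsers" group name used above.

```conf
# raddb/sites-enabled/default (assumed FreeRADIUS 2.x, otherwise default config)

authorize {
	preprocess

	# Look the user up in LDAP. With set_auth_type = yes in the ldap
	# module and a User-Password in the request, this sets
	# Auth-Type to LDAP.
	ldap

	# Gate on group membership only. Non-members are rejected here;
	# members continue with Auth-Type untouched, so membership alone
	# never grants access.
	if (!(Ldap-Group == "WirelessUsers")) {
		reject
	}
}

authenticate {
	# Group members must still pass an LDAP bind with their own
	# password before Access-Accept is sent.
	Auth-Type LDAP {
		ldap
	}
}
```

Running the server with radiusd -X shows both the Ldap-Group comparison and the later bind attempt for each request, which confirms that the order is group check first, password check second.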