Use LDAP-Groups for rejecting a user
Anja Ruckdaeschel
Anja.Ruckdaeschel at rz.uni-regensburg.de
Fri Aug 7 19:19:07 CEST 2009
Hello there!

I'm using freeradius 2.1.6 and use a ldap-group to reject some users. The problem is, when the ldap-servers are not responding when doing the search for the ldap-dn or when doing the search for the dn in the group, the files-Module returns ok because the user abc matches for the next entry. So a correct named bind is triggered and the user gets access-accept even though he's in the reject-group.

How can I get something like "[files] returns failed" in that case???

I'm doing the module loading for the groups in radiusd.conf:

instantiate {
    ...
    ldapgroups1
    ldapgroups2
}

Here's the users-File. I hope anyone can help ...

DEFAULT Auth-Type :=REJECT, User-Name =~ "^(\.*)([a-zA-Z]{3})", ldapgroups1-Ldap-Group == 'cn=rejectgroup,ou=public,o=mycompany,c=de'
DEFAULT Auth-Type :=REJECT, User-Name =~ "^(\.*)([a-zA-Z]{3})", ldapgroups2-Ldap-Group == 'cn=rejectgroup,ou=public,o=mycompany,c=de'
...
DEFAULT User-Name =~ "^(\.*)([a-zA-Z]{3})", FreeRADIUS-Proxied-To !* 127.0.0.1, Auth-Type :=LDAP
...
DEFAULT Auth-Type :=reject

Thanks a lot
Anja
---------------------------------------------------------------------------------------------
Anja Ruckdäschel M.A.; Rechenzentrum der Universität Regensburg;
Universitätsstr.31; 93 053 Regensburg
Telefon: +49 941 943 4826
---------------------------------------------------------------------------------------------
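
The failure mode described in this post, as an added example that is not part of the original message and is not FreeRADIUS code: a simplified Python model of first-match users-file evaluation in which a group lookup can return an error instead of a yes/no answer. The `Lookup` states, `make_lookup`, `evaluate` and the sample membership are assumptions made for illustration, and the user name is assumed to match the regex in every entry.

```python
from enum import Enum

class Lookup(Enum):
    MEMBER = 1
    NOT_MEMBER = 2
    ERROR = 3  # directory did not answer; membership is unknown

REJECT_GROUP = "cn=rejectgroup,ou=public,o=mycompany,c=de"

# Ordered entries modelled on the users file in the post:
# (LDAP module instance or None, group DN, resulting Auth-Type)
ENTRIES = [
    ("ldapgroups1", REJECT_GROUP, "Reject"),
    ("ldapgroups2", REJECT_GROUP, "Reject"),
    (None, None, "LDAP"),  # entry without a group check
]

# Constructed sample directory: user "abc" is in the reject group.
MEMBERS = {REJECT_GROUP: {"abc"}}

def make_lookup(servers_up):
    """Build a group lookup that fails when the servers are unreachable."""
    def lookup(instance, user, group):
        if not servers_up:
            return Lookup.ERROR
        return Lookup.MEMBER if user in MEMBERS[group] else Lookup.NOT_MEMBER
    return lookup

def evaluate(user, lookup, fail_closed):
    """First-match evaluation; returns 'Reject', 'LDAP' or 'fail'."""
    for instance, group, auth_type in ENTRIES:
        if instance is None:
            return auth_type
        result = lookup(instance, user, group)
        if result is Lookup.MEMBER:
            return auth_type
        if result is Lookup.ERROR and fail_closed:
            return "fail"  # do not guess: the check could not be evaluated
        # Otherwise fall through; with fail_closed=False an ERROR is
        # silently treated as "not a member", which is the reported problem.
    return "Reject"

if __name__ == "__main__":
    for up in (True, False):
        for closed in (False, True):
            print(up, closed, evaluate("abc", make_lookup(up), closed))
```

With the servers down and `fail_closed=False`, the model reaches the `Auth-Type := LDAP` entry for a user who is in the reject group; with `fail_closed=True` the same request ends in `fail`.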