LDAP Config Clarification

Jason Frisvold xenophage0 at gmail.com
Tue Mar 17 19:56:59 CET 2009


tnt at kalik.net wrote:
> Remove those entries in users file. They are bypassing password checking.
> If you want to accept only some ldap groups use unlang. Something like:
> 
> if(Ldap-Group == something || Ldap-Group == something_else) {
>      ok
> }
> else {
>      update control {
>           Auth-Type := Reject
>      }
> }

Yeah.. that may be a problem.  Does freeradius 1.1.3 support unlang?
This is a RHEL 5.3 install...  I'm not aware of a trustable source for
2.x RPMs ...

> Example is the default group membership query in raddb/modules/ldap.

I *think* that's what I have already.

> Yes. Auth-Type LDAP needs to be set. If you force Auth-Type Accept in
> users file this will never be used.

Hrm...  ok, understood..  So I need to figure out how to require the vpn
group and reject if it isn't there...

> Ivan Kalik
> Kalik Informatika ISP


-- 
---------------------------
Jason Frisvold
xenophage0 at gmail.com
---------------------------
"I love deadlines. I like the whooshing sound they make as they fly by."
   - Douglas Adams
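Added example, not part of the original message and not FreeRADIUS code: a small audit script for the point quoted above, that `users` file entries forcing `Auth-Type` to `Accept` bypass password checking. The sample entries, the user `bob`, and the function name `find_forced_accept` are constructed for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" file syntax (not from the thread).
# Entry names start in column 0; reply items are on indented lines.
SAMPLE_USERS = '''\
# constructed test data
DEFAULT Ldap-Group == "vpn", Auth-Type := Accept
        Service-Type = Framed-User

bob     Auth-Type = "Accept"

DEFAULT Ldap-Group == "vpn"
        Fall-Through = No

DEFAULT Auth-Type := Reject
        Reply-Message = "Not in the vpn group"
'''

# A check item that *sets* Auth-Type to Accept (":=", "=" or "+=").
# "==" is only a comparison, and Post-Auth-Type is a different attribute.
FORCED_ACCEPT = re.compile(
    r'(?<![\w-])Auth-Type\s*(:=|\+=|=(?!=))\s*"?Accept"?(?=\s*(,|$))',
    re.IGNORECASE)

def find_forced_accept(text):
    """Return (line_number, entry_name, check_line) for each users-file
    entry whose check items force Auth-Type to Accept."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0] in " \t":
            continue                      # indented: reply item, not a check
        name = line.split(None, 1)[0]
        if FORCED_ACCEPT.search(line):
            findings.append((lineno, name, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, name, check in find_forced_accept(SAMPLE_USERS):
        print(f"line {lineno}: entry {name!r} skips password checking: {check}")
```

Run against a copy of the real `users` file, any entry it reports accepts the request without the LDAP password check taking place.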



More information about the Freeradius-Users mailing list