Freeradius 1.X.X and LDAP groups.
Alan DeKok
aland at deployingradius.com
Thu Sep 10 10:12:58 CEST 2009
Michael March wrote:
> I've been playing around with this all day and I'm stumped.
Please read the "man" page for the "users" file.
> Does anyone have a config for ANY version of FreeRadius that works
> with LDAP groups?
Yes.
>
> On Tue, Sep 8, 2009 at 11:17 PM, Michael March wrote:
>> The scoop is I'm using Freeradius 1.1.3 under RHEL/Centos 5.2 and I'm
>> trying to get authentication working so FreeRadius will authenticate a
>> user ONLY if they are in a certain LDAP group.. In this case that
>> group is called 'it'.
That's simple enough.
>> DEFAULT Auth-Type = LDAP
>>     Fall-Through = 1
>>
>> DEFAULT LDAP-Group == it
>>     Service-Type = Administrative-User
That configuration does NOT match your requirements. It:
a) sets authentication to LDAP
b) adds Service-Type... for users in the "it" LDAP group
It's really that simple.
What you want is:
a) for users in "it" group, set LDAP authentication
b) reject everyone else
i.e. For (a), put the configuration in ONE entry in the "users" file.

DEFAULT LDAP-Group == "it", Auth-Type = LDAP
# NO FALL-THROUGH

DEFAULT Auth-Type := Reject

Alan DeKok.
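
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the "users" file first-match and Fall-Through behaviour, run over both configurations from this thread. The group memberships, the dictionary layout and the function names are assumptions made for illustration.

```python
# Simplified model of "users" file evaluation (illustrative, not FreeRADIUS code).
# Entries are tried in order. A matching entry applies its items, and processing
# stops there unless the entry sets Fall-Through.

# The configuration from the question.
ORIGINAL = [
    # DEFAULT Auth-Type = LDAP / Fall-Through = 1
    {"group": None, "control": [("Auth-Type", "=", "LDAP")],
     "reply": {}, "fall_through": True},
    # DEFAULT LDAP-Group == it / Service-Type = Administrative-User
    {"group": "it", "control": [],
     "reply": {"Service-Type": "Administrative-User"}, "fall_through": False},
]

# The configuration from the reply.
CORRECTED = [
    # DEFAULT LDAP-Group == "it", Auth-Type = LDAP   (no Fall-Through)
    {"group": "it", "control": [("Auth-Type", "=", "LDAP")],
     "reply": {}, "fall_through": False},
    # DEFAULT Auth-Type := Reject
    {"group": None, "control": [("Auth-Type", ":=", "Reject")],
     "reply": {}, "fall_through": False},
]

def evaluate(entries, user_groups):
    """Return (control, reply) dicts after walking the entries in order."""
    control, reply = {}, {}
    for entry in entries:
        # "LDAP-Group == x" is a comparison; None means the entry has no check.
        if entry["group"] is not None and entry["group"] not in user_groups:
            continue
        for attr, op, value in entry["control"]:
            # "=" sets only when the attribute is unset, ":=" always replaces.
            if op == ":=" or attr not in control:
                control[attr] = value
        reply.update(entry["reply"])
        if not entry["fall_through"]:
            break
    return control, reply

def auth_type(entries, user_groups):
    return evaluate(entries, user_groups)[0].get("Auth-Type")

# Constructed sample memberships: one user in "it", one who is not.
IT_USER, OTHER_USER = {"it"}, {"sales"}

if __name__ == "__main__":
    for name, entries in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for label, groups in (("it member", IT_USER), ("non-member", OTHER_USER)):
            print(f"{name:9} {label:10} Auth-Type={auth_type(entries, groups)}")
```

In the model, the original entries give a non-member Auth-Type LDAP, so the group check only decides whether Service-Type is added; the corrected entries give the same user Auth-Type Reject.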