Radius authentication against LDAP question
Alan DeKok
aland at deployingradius.com
Fri Jun 1 17:00:15 CEST 2012
g17jimmy wrote:
> One question relating to this is about the /etc/raddb/users file- It doesn't
> seem to work as it's documented,
Well... no.
> If I have a group set to be rejected based
> on its membership like this:
>
> DEFAULT Group="disabled", Auth-Type:=Reject
>
> radius doesn't even check for group membership. The only way it seems to get
> directed to check membership is with a negative check (!=).
See "man users". Use Group == ...
The operators do different things.
> DEFAULT LDAP-Group!="newgroup", Auth-Type:=Reject
>
> Regardless, I still can't figure out what filter would validate the user
> "newuser" as a member of "newgroup"-
LDAP-Group == "newgroup"
Everyone else is using it.
Alan DeKok.
More information about the Freeradius-Users
mailing list