LDAP Groups to Freeradius and then Ruckus Wireless?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Jun 5 12:39:50 CEST 2014


On 5 Jun 2014, at 10:52, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:

>> Is rlm_cache the answer to my problems? If so, should I just call it in
>> authorize in inner-tunnel after ldap and then to retrieve in default server
>> post-auth? Or when/how? And if not, any other solutions to this?
> 
> After a few trial-and-error runs, I've gotten it to work. For the record,
> this is my config:
> 
> mods-enabled/cache:
> 
> update {
> 	
> }

If you upgrade to v3.0.x HEAD it can be made even simpler.

mods-available/cache:

update {
	control:LDAP-Group += &control:LDAP-Group
	<additional LDAP password attributes you need>
}

sites-enabled/inner-tunnel:
authorize {
	[...]
	update control {
		Cache-Read-Only := yes
	}	
	cache
	if (notfound) {
		ldap
		cache
	}
	[...]
}

That's actually significantly more efficient, as it guarantees there will only ever be one call out to LDAP for the entire EAP authentication.

Well done for getting it working :)

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
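
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the inner-tunnel authorize flow above, counting LDAP lookups across the round trips of one EAP authentication. The `Cache` and `Ldap` classes, the user `alice`, her groups and the TTL values are constructed for illustration, and the model assumes the `Cache-Read-Only` flag applies only to the first `cache` call, as the flow above implies.

```python
class Cache:
    """Toy stand-in for the cache module: one entry per key, with a TTL."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.entries = {}  # key -> (expiry time, cached group list)

    def call(self, key, control, now):
        # Assumption: the read-only flag is consumed by the call that sees it.
        read_only = control.pop("Cache-Read-Only", False)
        entry = self.entries.get(key)
        if entry and entry[0] > now:
            # Hit: merge cached values into control, like the += in update {}.
            control.setdefault("LDAP-Group", []).extend(entry[1])
            return "ok"
        if read_only:
            return "notfound"  # lookup only, never create an entry
        self.entries[key] = (now + self.ttl, list(control.get("LDAP-Group", [])))
        return "updated"


class Ldap:
    """Counts lookups; the directory content is constructed sample data."""

    def __init__(self, directory):
        self.directory = directory
        self.calls = 0

    def call(self, key, control):
        self.calls += 1
        control["LDAP-Group"] = list(self.directory.get(key, []))
        return "ok"


def authorize(user, cache, ldap, now):
    """One pass through authorize: read-only lookup, LDAP only on a miss."""
    control = {"Cache-Read-Only": True}
    if cache.call(user, control, now) == "notfound":
        ldap.call(user, control)
        cache.call(user, control, now)  # flag already consumed: stores the entry
    return control.get("LDAP-Group", [])


def run_eap(rounds, ttl, step=1):
    """Simulate `rounds` inner-tunnel round trips, `step` seconds apart."""
    cache = Cache(ttl)
    ldap = Ldap({"alice": ["staff", "wifi-admins"]})  # constructed directory
    groups = [authorize("alice", cache, ldap, i * step) for i in range(rounds)]
    return ldap.calls, groups
```

With a 60-second TTL, six round trips cost one LDAP lookup; with a TTL shorter than the exchange, the entry expires mid-authentication and LDAP is queried again.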
