LDAP Groups to Freeradius and then Ruckus Wireless?
Enrique Sainz Baixauli
enriquesainz.beca at intef.educacion.es
Wed May 28 12:10:59 CEST 2014
Hi again,
So I'm now working with version 3.0.3 and I have moved all of my configs to
the new format. I can do, as I did on v2.1.2, group checking in users file
via the Ldap-Group virtual attribute. That's fine, but it's not what I need.
I need the group info to be forwarded to the client, and I'm trying to do so
in mods-available/ldap (symlinked to mods-enabled/). As there is no
ldap.attrmap file and the update section in mods-available/ldap seems to be
for that purpose, I'm mapping attributes there:
reply:Ruckus-User-Groups := 'control:memberOf'
Ruckus-User-Groups is defined in a dictionary file for vendor Ruckus. But
any kind of attribute that I think may fit there I have already tried
(memberOf, Ldap-Group, Ldap-Membership...), and no matter what I try I see a
line like this in the debug output:
ldap : Attribute 'control:memberOf' not found in LDAP Object
So my question is: how can I have freeradius run the logic behind Ldap-Group
and put that info in the reply? Because if I try it from users file
Ldap-Group is recognized and run, but from ldap config it just doesn't find
the attribute.
Thanks everyone one more time!
-----Mensaje original-----
De:
freeradius-users-bounces+enriquesainz.beca=intef.educacion.es at lists.freeradi
us.org
[mailto:freeradius-users-bounces+enriquesainz.beca=intef.educacion.es at lists.
freeradius.org] En nombre de Enrique Sainz Baixauli
Enviado el: martes, 27 de mayo de 2014 16:17
Para: 'FreeRadius users mailing list'
Asunto: RE: LDAP Groups to Freeradius and then Ruckus Wireless?
>>> My suggestion again is to try v3.0.3, or debug the v2.x.x code yourself.
>>>
>>> It was weeks of effort to rewrite the rlm_ldap module for version
>>> v3.0.x,
>> it was done for a reason.
>>>
>>> -Arran
>>
>> Ok, so I'm trying to build version 3.0.3 for debian and I'm stuck at
>> dpkg-buildpackage because it looks like it's running the configure
>> step for rlm_mschap over and over:
>
>I'm actually surprised you were able to get that far. 3.0.3's debian
>build
script is broken (to be accurate, a patch needs refresh), and needs one
minor fix which is already in 3.0.x git branch.
>
>Try my test packages:
>http://software.opensuse.org/download.html?project=home%3Afreeradius%3A3.0.
x%3Adebian&package=freeradius
>
>--
>Fajar
>-
That's awesome, your repo should be easier to find ;) Thanks!
@Alan and Arran: I'm not building on an NFS share, but the time is not right
because the server is on a test network and is not connected to anything
else (except when installing packages). Thanks anyway, as Fajar's packages
solved this :D
Cheers!
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
----------------------------------------------------------------------------
-----------------------
Texto aqadido por Panda Security for Desktops:
Este mensaje NO ha sido clasificado como SPAM. Si se trata de un mensaje de
correo no solicitado (SPAM), haz clic en el siguiente vmnculo para
reclasificarlo:
http://localhost:6083/Panda?ID=pav_118&SPAM=true&path=C:\Windows\system32\co
nfig\systemprofile\AppData\Local\Panda%20Software\AntiSpam
----------------------------------------------------------------------------
-----------------------
More information about the Freeradius-Users
mailing list