LDAP Groups to Freeradius and then Ruckus Wireless?

Enrique Sainz Baixauli enriquesainz.beca at intef.educacion.es
Wed May 28 16:30:15 CEST 2014


>>>> Uncomment:
>>>> 
>>>> cache_attribute = 'LDAP-Cached-Membership'
>>>> 
>>>> Then in authorize:
>>>> 
>>>> ldap
>>>> 
>>> 
>>> Sorry that's
>>> 
>>> foreach &control:LDAP-Cached-Membership {
>>> 	update reply {
>>> 		Ruckus-User-Group += "%{Foreach-Variable-0}"	
>>> 	}
>>> }
>> 
>> Thank you very much, but trying to start the server resulted in a 
>> syntax error in '&control:LDAP-Cached-Membership': Unknown attribute 
>> "LDAP-Cached-Membership"
>
>Define it in the user dictionary as a string attribute.

That's awesome, now the debug output shows that FR finds out which group
each user belongs to. Also, capturing local packets with Wireshark (because
LDAP and FR are on the same machine) shows two request-responses, first for
the user and then for the group, between FR and LDAP. But on the Ethernet
interface there is nothing else aside from an Access-Request and an
Access-Accept, but nothing related to the group in the response. Maybe
Wireshark doesn't show every field, but the packet length is only 20 so I
think it's just not being sent by FR.

Is there anything else I may be missing? Btw, I am not using rlm_cache yet,
I prefer to get it up and running and then try to optimize it.

Thank you again and again! :D
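
The length check used in the message above can be run against captured bytes: per RFC 2865 the RADIUS header alone is 20 bytes, so a packet whose Length is 20 carries no attributes. This parser is an added example, not part of the original post; the sample packets, vendor ID 99999, vendor type 1 and the group name "staff" are constructed placeholders, not Ruckus values.

```python
import struct

RADIUS_HEADER_LEN = 20   # code(1) + id(1) + length(2) + authenticator(16), RFC 2865
VENDOR_SPECIFIC = 26     # attribute type that wraps vendor attributes
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}


def parse_radius(packet: bytes) -> dict:
    """Decode the RADIUS header and walk the attribute TLVs that follow it."""
    if len(packet) < RADIUS_HEADER_LEN:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < RADIUS_HEADER_LEN or length > len(packet):
        raise ValueError("Length field does not match the captured data")
    attrs, pos = [], RADIUS_HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 6 and 2 <= value[5] <= len(value) - 4:
            # Vendor-Id(4), then one vendor TLV: vendor-type(1), vendor-length(1), data
            vendor_id, v_type, v_len = struct.unpack("!IBB", value[:6])
            attrs.append(("VSA", vendor_id, v_type, value[6:4 + v_len]))
        else:
            attrs.append((a_type, value))
        pos += a_len
    return {"code": CODES.get(code, code), "id": ident, "length": length, "attributes": attrs}


def build_accept(ident: int, attrs: bytes = b"") -> bytes:
    """Constructed sample Access-Accept; the zeroed authenticator is not a valid one."""
    return struct.pack("!BBH", 2, ident, RADIUS_HEADER_LEN + len(attrs)) + bytes(16) + attrs


def build_vsa(vendor_id: int, v_type: int, data: bytes) -> bytes:
    """Constructed Vendor-Specific attribute holding a single vendor TLV."""
    sub = bytes([v_type, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub


# Constructed samples: a header-only reply and one carrying a placeholder group VSA.
EMPTY_ACCEPT = build_accept(7)
GROUP_ACCEPT = build_accept(7, build_vsa(99999, 1, b"staff"))

if __name__ == "__main__":
    for name, pkt in (("empty", EMPTY_ACCEPT), ("with group", GROUP_ACCEPT)):
        print(name, parse_radius(pkt))
```
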


