The best way is to follow what I suggested in this post.<br><br><a href="http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html">http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html</a><br>
<br>We authenticate a group of 5620's and 7210's in our environment too using that exact same method.<br><br>Now that the Timetra (now Lucent) Dictionary is in 2.1.8 thanks to me (shameless plug) it should be easy.<br>
<br>Any questions you can send them to me off-list if you need more help.<br><br><div class="gmail_quote">On Tue, Mar 30, 2010 at 10:12 AM, Gary Gatten <span dir="ltr"><<a href="mailto:Ggatten@waddell.com">Ggatten@waddell.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Yup - that's what I was talking about.<br>
<br>
You can use variables, but if you need to enumerate a user's group memberships - then yea you'll need LDAP.<br>
<font color="#888888"><br>
G<br>
</font><div class="im"><br>
<br>
-----Original Message-----<br>
From: freeradius-users-bounces+ggatten=<a href="http://waddell.com" target="_blank">waddell.com</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a> [mailto:<a href="mailto:freeradius-users-bounces%2Bggatten">freeradius-users-bounces+ggatten</a>=<a href="http://waddell.com" target="_blank">waddell.com</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>] On Behalf Of Lincoln Zuljewic Silva<br>
Sent: Monday, March 29, 2010 4:08 PM<br>
To: FreeRadius users mailing list<br>
</div><div><div></div><div class="h5">Subject: Re: Freeradius, Active Directory and User's Group<br>
<br>
Gary<br>
<br>
Are you talking about the "--require-membership-of" parameter of ntlm_auth?<br>
<br>
If yes, I can't use it because it is a "random" situation.<br>
<br>
The Alcatel software has a list of all groups that can log in and their<br>
appropriate permissions. Freeradius has to see which groups<br>
the user is a member of and reply with them to the Alcatel software.<br>
<br>
John,<br>
<br>
I will check out this "reply attribute" and see if it works for me...<br>
<br>
Regards<br>
Lincoln<br>
<br>
On Mon, Mar 29, 2010 at 5:53 PM, Gary Gatten <<a href="mailto:Ggatten@waddell.com">Ggatten@waddell.com</a>> wrote:<br>
> FWIW, I do group checking with SAMBA. I'm not in front of my system, but there's an arg one can pass to the Samba util exe where it will validate uname, password, and group membership. This should work for most "simple" confs, although I can certainly envision situations where LDAP may be required.<br>
><br>
> ----- Original Message -----<br>
> From: freeradius-users-bounces+ggatten=<a href="http://waddell.com" target="_blank">waddell.com</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a> <freeradius-users-bounces+ggatten=<a href="http://waddell.com" target="_blank">waddell.com</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>><br>
> To: FreeRadius users mailing list <<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
> Sent: Mon Mar 29 15:26:57 2010<br>
> Subject: Re: Freeradius, Active Directory and User's Group<br>
><br>
> Understood, but will freeradius be able to return this group<br>
> information to the Alcatel device?<br>
><br>
> Regards<br>
> Lincoln<br>
><br>
> On Mon, Mar 29, 2010 at 5:10 PM, John Dennis <<a href="mailto:jdennis@redhat.com">jdennis@redhat.com</a>> wrote:<br>
>> On 03/29/2010 04:02 PM, Lincoln Zuljewic Silva wrote:<br>
>>><br>
>>> I'm sorry.<br>
>>><br>
>>> I forgot to mention that I'm not using LDAP, but Samba to integrate<br>
>>> the freeradius with AD.<br>
>><br>
>> O.K. I presume you're using samba for authentication, but where are you<br>
>> storing the information about which groups a user is in? I presume it's in<br>
>> AD. AD is an ldap server that you can query during authorization which is<br>
>> when and where you would do the group check.<br>
>> --<br>
>> John Dennis <<a href="mailto:jdennis@redhat.com">jdennis@redhat.com</a>><br>
>><br>
>> Looking to carve out IT costs?<br>
>> <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a><br>
>> -<br>
>> List info/subscribe/unsubscribe? See<br>
>> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
>><br>
><br>
><br>
><br>
> --<br>
> Lincoln Zuljewic Silva<br>
> More contact info.: <a href="http://www.system.adm.br/contact.php" target="_blank">http://www.system.adm.br/contact.php</a><br>
><br>
> "How often must a question be asked before it's considered a<br>
> frequently asked question?"<br>
><br>
<br>
<br>
<br>
--<br>
Lincoln Zuljewic Silva<br>
More contact info.: <a href="http://www.system.adm.br/contact.php" target="_blank">http://www.system.adm.br/contact.php</a><br>
<br>
"How often must a question be asked before it's considered a<br>
frequently asked question?"<br>
<br>
</div></div></blockquote></div><br>