<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV>I have just installed freeradius on debian 5. I run a mail server with combination of postifix,courier and sqwebmail. I want to authenticate mail users through freeradius, i dont know how to go about it. can anyone assit.</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV> </DIV>
<DIV>Philly<BR></DIV>
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt"><BR>
<DIV style="FONT-FAMILY: arial, helvetica, sans-serif; FONT-SIZE: 13px"><FONT size=2 face=Tahoma>
<HR SIZE=1>
<B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Hugh Blandford <hugh@island.net.au><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> FreeRadius users mailing list <freeradius-users@lists.freeradius.org><BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Tue, November 2, 2010 7:16:21 AM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: LDAP Groups<BR></FONT><BR>Thank you Peter for your email. I hadn't come across them in the list search.<BR><BR>On 2/11/2010 14:16, Alan DeKok wrote:<BR>> Hugh Blandford wrote:<BR>> <BR>>> would mean you could add the attribute radiusGroupName to a user's entry<BR>>> and it would then look up the relevant GroupofNames and add those<BR>>> attributes to the return items. However, when I add radiusGroupName to<BR>>> a user's entry I don't see any groupname lookups in the debug at all.<BR>> No. The documentation does not say it
works that way.<BR>> <BR>When using the following sort of DEFAULT entry:<BR><BR>Ldap-Group == flat10000, User-Profile := "uid=flat10000,ou=profiles,ou=radius,ou=wl,dc=example,dc=org"<BR><BR>there is no relevance to<BR><BR>groupmembership_attribute = radiusGroupName<BR><BR>Reading the rlm_ldap document. I thought that the groupmembership_attribute was specified in the user entry which was then used to fetch the group information.<BR><BR># groupmembership_attribute: The attribute in the user entry that states<BR># the group the user belongs to. The attribute can either contain the<BR># group name or the group DN. If it contains the group DN<BR># groupmembership_attribute will also be used to find the group's name.<BR># The attribute will be used after a search based on the<BR># groupname_attribute and
groupmembership_filter has failed. default:<BR># NULL - don't search for a group based on attributes in the user entry.<BR><BR>Alan I'm not saying you are wrong :-) more I don't understand under what circumstances / how it is used.<BR><BR>I do not see any group searching done in the debugs unless I specify an LDAP-Group entry in the users file.<BR><BR>I thought that with groupmembership_attribute = radiusGroupName set and an entry like<BR><BR>radiusGroupName = disabled or cn=disabled,ou=............. etc in a user entry it would return additional attributes listed in the disabled group.<BR>>> What I actually want to do is might not be solved best by LDAP groups.<BR>>> Most of our customers are in different VRFs and this, the loopback<BR>>> address and DNS servers etc are returned. Rather than store this<BR>>> information under each user I would like to have template that I refer<BR>>>
to. However, at the same time, having 50+ default entries didn't seem<BR>>> the right way to do it either.<BR>> That's what groups are for.<BR><BR>Is it sensible to have 50 or so DEFAULT LDAP-Group entries? Or does that show that I have totally failed in understanding what/how FreeRADIUS should be used.<BR><BR>Thanks for your help.<BR><BR>Hugh<BR><BR>-- Hugh Blandford<BR>Island Internet<BR>ph 1300 130 428<BR>mb 0412 016 875<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR></DIV></DIV></div><br>
</body></html>