<div dir="ltr"><div class="gmail_extra"><br><br><div class="gmail_quote">2013/11/12 Mik J <span dir="ltr"><<a href="mailto:mikydevel@yahoo.fr" target="_blank">mikydevel@yahoo.fr</a>></span><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div style="font-size:12pt;font-family:HelveticaNeue,'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif"><div><br></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue,'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif">
I'm confuse how freeradius will proceed</div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue,'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif">
- Search for myuser in the ldap using the account I provided in
modules/ldap</div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue,'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif">- Check the users password</div>
</div></div></blockquote><div><br></div><div>You can turn on LDAP debug, it helped me a lot. Check last section of ldap module config</div><div><div><------># ldap_debug: debug flag for LDAP SDK</div><div><------># (see OpenLDAP documentation). Set this to enable</div>
<div><------># huge amounts of LDAP debugging on the screen.</div><div><------># You should only use this if you are an LDAP expert.</div><div><------>#</div><div><------>#<----->default: 0x0000 (no debugging messages)</div>
<div><------>#<----->Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)</div><div><------>ldap_debug = 0x0028.</div></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div style="font-size:12pt;font-family:HelveticaNeue,'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif"><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue,'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif">
<span style="background-color:transparent;font-size:16px">groupmembership_filter = "(&(objectclass=posixGroup)(</span><span style="background-color:transparent;font-size:16px">memberUid=%u))"</span></div></div>
</div></blockquote><div><br></div><div>My groupmembership filter in 2.1.1 looks like this</div><div><br></div><div><div><------>groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))</div>
<div><------> groupmembership_attribute = radiusGroupName</div></div><div><br></div><div>Config syntax seems to hint that you have very old freeradius. Which version?</div><div><br></div><div> Groups can be checked via LDAP-group variable</div>
<div><br></div><div>A.</div></div></div></div>