2015-03-19 18:14 GMT+01:00 Alan DeKok <aland@deployingradius.com>:
On Mar 19, 2015, at 12:20 PM, Ben Humpert <ben@an3k.de> wrote:
I already read plenty of Howtos, manpages and configuration examples and tried to find a Guide for what I'm trying to archive.
Most third-party guides aren’t worth the effort. It’s better to UNDERSTAND what’s going on, rather than to follow a guide which may or may not be applicable.
What I exactly want to archive is RADIUS to check 1) if the group the user is in is allowed to log into Called-Station-Ssid “guest"
That’s in the FAQ.
http://wiki.freeradius.org/guide/faq Where?
2) if the username & password is correct
The server does that if you configure a user/password. i.e. tell it to look the user up in LDAP.
Server already does it but before checking in which group the user is
3) if user has "dialupAccess” set
See the LDAP module configuration for how that works.
That already works, directly after checking for username/password but before checking in which group the user is.
I'm running Ubuntu 14.04.1, FreeRADIUS 2.1.12 and OpenLDAP 2.4.31
<sigh> Upgrade to 2.2.6. The Debian / Ubuntu people have fixated on 2.2.12 for reasons I don’t understand.
RADIUS 2.1.12 is the latest available in latest LTS Ubuntu.
I'd start from scratch but have modified dictionary, policy.conf and sites-available/default according to http://wiki.freeradius.org/guide/Mac-Auth
Are you doing MAC Auth? If so, then the guide should work. If you’re not doing MAC Auth, then why the heck are you following the MAC auth guide?
No but it was the ONLY guide which explained how to seperate MAC and SSID. I didn't followed it completely, just took the parts I need.