Ivan, Thank you so much! Perhaps you misunderstood my intention of saying "relevant portions" of the configs - this isn't *everything* in the config, just everything related to LDAP. Regardless, I just removed all of what I'd added to users and added that construct to authorize{} in my default site, and it seems to be working perfectly. I had to change update control { Auth-Type := Accept } to "Fall-Through: yes" to get LDAP authentication to work, but other than that, perfect! Thanks, Jason Ivan Kalik wrote:
I can't seem to find anything concrete online for freeradius1 relating to
groupOfNames, so I've just been trying random things that I found online (for raddb/users) hoping one would work.
RELEVANT CONFIGS (only relevant portions, comments removed)
raddb/sites-enabled/default:
authorize { ldap } authenticate { Auth-Type LDAP { ldap }
}
And did you find that any part of documentation suggesting that you should cripple the server and then wonder why it's not working? Or does it say: "use default configuration and make only small changes"? Now, go back to the default configuration, configure *only* ldap module, disable ldap authentication (without the password in the request it can't work as it is clearly stated in ldap module) set_auth_type = no. Add this unlang statements to authorize:
if(Ldap-Group == "WirelessUsers") { update control { Auth-Type := Accept } } else { reject }
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html