Hi there,
I’m new to freeradius, and am setting it up purely in a test environment before deploying live.
We’re using Freeradius 2.2.0 and Ubuntu server 12.04 .3 lts with Active Directory and Fortinet Fortigate based APs
We’re trying to achieve the following:
Authentication via Active Directory, but with access granted depending on AD Group membership.
EG: User A Is allowed Wifi access, as they are in Wifi-Users group
User B is not as they do not have membership of this group.
So we have the Freeradius server up and running, and it can authenticate against AD fine, but I cant figure out the group filtering portion of the setup.
The documentation points to configuring the modules/ldap file to point to our LDAP server (I.E. our AD server0, and to configure the /users file with the following line
DEFAULT Ldap-Group == "CN=sec-eduroam-users,OU=Access,OU=SecurityGroups,OU=Groups,DC=testres,DC=org"
DEFAULT Auth-Type = Reject
When I run freeradius in debug mode, we get all the usual output but no ldap modules mentioned
It dues include modules/ldap but little else.
FYI I have built this 3 times,
1.
With 13.04 Ubuntu Server and Freeradius 2.2.0 from source
2.
With 12.04 lts with FR 2.2.1 from source
3.
With 12.04 lts with FR from the Launchpad based package ppa:freeradius/stable which is from 2.2.0
I can authenticate against LDAP and pull down group information using command line queries, so I know that LDAP is installed correctly and working in the linux build.
What I cant get is LDAP to work through free radius.
Am I doing something wrong, is there a better way to do this?
Any help appreciated!