25 Mar
2015
25 Mar
'15
10:20 p.m.
I have setup the group in groupmembership_attribute as a naive intent to accomplish my goal. If that is not the correct parameter I will really appreciate your help on where I should set my Group and the syntax. On my first email I included my LDAP.conf file as generated by pfsense. I think is closed as needed because I was successful matching user/pass with AD when group membership_attribute is default, but for all Users. Now I need to change it to consider the Group. For now I only need to identify only one Group. I am using FreeRadius for a Squid proxy server then the User is used on Dansguardian. On Mar 25, 2015 7:21 PM, "Ben Humpert" <ben@an3k.de> wrote: > 2015-03-25 22:26 GMT+01:00 Jose Torres-Berrocal < > jetsystemservices@gmail.com>: > > I do not think what I need is nonstandard. > > > > Let me explain my need in non technical way. I need the users to enter > > username and password. Compare the username/password against Active > > Directory, then extract the Groups the user belong to and compare/verify > it > > includes the Group set up in Radius LDAP config. If match pass, else > > reject. > > Where in the Radius LDAP config did you set up the Group? In > groupmembership_attribute? > > Have you already modified the groupmembership_filter to match your MS AD > schema? > > Do you only want to authenticate users in the group InternetAccess > with Radius or also users of other groups? > > > Maybe this can be done with any combination of the normal filter, base > > filter, group membership filter, group attribute, etc. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html