Hi, I spent some time trying to put working together FR+AD and presently i'm using ntlm to authenticate users through mschap against the AD. It is working.
Next step is try to allow access only to specific users belonging to a Group from the AD, but it is not working.
I post here the important i have configured untill now:
1. users file:
DEFAULT Ldap-Group != "wireless", Auth-Type := Reject
Ldap-Group and SQL-Group don't work well with !=. Try this unlang in inner-tunnel authorize instead: if(Ldap-Group == "wireless") { ok } else { reject }
2. /usr/local/etc/raddb/sites-enabled/inner-tunnel and default:
# uncommented ldap from authorize function
3. /modules/ldap:
server = "192.168.1.10" port = 389 identity = "cn=Administrator,cn=users,dc=DOT1X,dc=local" password = 123456 basedn = "dc=DOT1X,dc=local" filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))" base_filter = "(objectclass=radiusprofile)" groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))" groupmembership_attribute = memberOf
Do you have any idea what can be missing?
That should be %{control:Ldap-UserDn}. Ivan Kalik Kalik Informatika ISP