Background:
When a user associated with the ssid Guest, the user will
authenticate against a FreeRadius server. If he has a university account,
the FreeRadius server will authenticate him via LDAP. If he does not have
a university account, the FreeRadius server will do the authentication with a
guest account database.
Goal:
To reduce the chance to do the LDAP search, the LDAP-group
search is successful if the user is in the LDAP and no matter which LDAP group
he is in.
My shot and the problem:
I am trying to do a wildcard search in LDAP-Group search, but it looks
like the wildcard could not work.
Related entries in the file users,
<omitted>
DEFAULT Called-Station-Id =~
".*Guest", myldap-Ldap-Group == "*", Autz-Type := Ldap1,
Auth-Type := Ldap1
DEFAULT Called-Station-Id =~
".*Guest", Group == "guest", Autz-Type := Web, Auth-Type :=
System
<omitted>
Debug output,
<output omitted>
rlm_ldap: performing search
in ou=people,dc=myuniv,dc=ca, with filter
(&(cn=*)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
<output omitted>
rlm_ldap::groupcmp: Group *
not found or user not a member
rlm_ldap: ldap_release_conn:
Release Id: 0
++[files] returns noop
rlm_pap: WARNING! No
"known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the
user.
Login incorrect: [cxu] (from
client localhost port 0)
Delaying reject of request 0
for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for
request 0
Questions:
Thanks!
Andrew