Simon Grierson wrote:
Authentication via Active Directory, but with access granted depending on AD Group membership.
That should be possible.
EG: User A Is allowed Wifi access, as they are in Wifi-Users group
User B is not as they do not have membership of this group.
That's easy.
So we have the Freeradius server up and running, and it can authenticate against AD fine, but I cant figure out the group filtering portion of the setup.
The FAQ has examples. The configuration files have many references to "ldap", with comments describing what it does.
The documentation points to configuring the modules/ldap file to point to our LDAP server (I.E. our AD server0, and to configure the /users file with the following line
DEFAULT Ldap-Group == "CN=sec-eduroam-users,OU=Access,OU=SecurityGroups,OU=Groups,DC=testres,DC=org"
DEFAULT Auth-Type = Reject
The default *is* to reject the user, but that may work.
When I run freeradius in debug mode, we get all the usual output but no ldap modules mentioned
Is it a secret? The FAQ, "man" page, web pages, and daily messages on this list say to post the debug output. It's the ONLY way to solve the problem.
It dues include modules/ldap but little else.
Which is probably fine.
FYI I have built this 3 times,
Well, then you did it wrong 3 times.
What I cant get is LDAP to work through free radius.
Am I doing something wrong, is there a better way to do this?
Post the debug output as suggested in the FAQ, "man" page, web pages, and daily on this list. Alan DeKok.