Dear Alan, Below is our ldap module config: ldap ldapwifi1 { server = "192.168.154.33" identity = "uid=wifitest,ou=production,ou=system,o=domain.com" password = xxxxxx basedn = "o=domain.com" filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(!(nsaccountlock=true)))" base_filter = "(objectclass=*)" groupmembership_filter = "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))" ldap_connections_number = 5 timeout = 10 timelimit = 9 net_timeout = 10 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap Framed-Ip-Address = ipaddress edir_account_policy_check = no } ldap ldapwifi2 { server = "192.168.154.34" identity = "uid=wifitest,ou=production,ou=system,o=domain.com" password = xxxxxx basedn = "o=mobistar.be" filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(!(nsaccountlock=true)))" base_filter = "(objectclass=*)" groupmembership_filter = "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))" ldap_connections_number = 5 timeout = 10 timelimit = 9 net_timeout = 10 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap Framed-Ip-Address = ipaddress edir_account_policy_check = no } Below is my ldap server config in sites-enabled: server wifi { authorize { preprocess suffix # if ( Called-Station-id =~ /:OBE_Byod$/ ) { # eap_byod # } if( Called-Station-Id =~ /:OBE_Office$/ ) { eap } elsif( Airespace-Wlan-Id == 2 ) { redundant-load-balance { ldapwifi1 ldapwifi2 } } expiration logintime } authenticate { Auth-Type LDAP { redundant-load-balance { ldapwifi1 ldapwifi2 } } # Auth-Type eap_byod { # eap_byod #} Auth-Type eap { eap } } preacct { preprocess update request { FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" } acct_unique suffix } accounting { wifi linelog-session } session { } post-auth { if( Airespace-Wlan-Id == 2 ) { if( "%{control:LDAP-UserDN}" =~ /ou=guest,ou=wifi,o=domain.com$/i ) { noop } elsif( LDAP_Group == "cn=WiFiGuestPartners,ou=RADIUS Groups,ou=Groups,ou=staff,o=domain.com" ) { noop } else { reject } } linelog-access # Post-Auth-Type REJECT { # linelog-access # attr_filter.access_reject # } } pre-proxy { } post-proxy { } } Could you please help where is the configuration wrong..? ---- *Thanks & Kind Regards,* Saurabh LAHOTI.
On Thu, 2018-05-24 at 10:58 +0200, Saurabh Lahoti wrote:
Below is our ldap module config:
That looks like a v2 ldap config. Are you still running v2? My guess from the little information provided is that you've upgraded to v3 and are trying to use your v2 config. Don't do that. Rebuild your config from scratch in v3. -- Matthew
participants (2)
-
Matthew Newton -
Saurabh Lahoti