Hi, I have LDAP authentication working fine, checked and tested. Incurred a little problem when integrating with the device, because of EAP, but now using two-stage with inner-tunnel to get around this. Now, all that I'm left with, is how to filter out the users. I have two filters that I want to use from OpenLDAP. They are as follows: accountStatus enabledService I want it to check these two variables, and based on the results to accept or reject the users. So, firstly, if accountStatus = active, the user will be accepted. The second variable enabledService = wifi, if this also matches, it means they are allowed to use the WIFI network. I already have the default filter: filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" so not sure if I just need to edit this appropriately, or another way? Regards Ian
Write an unlang with ldap xlat you will find it in wiki of freeradius. BR, Anirudh Malhotra 8zero2 Mail: 8zero2.in@gmail.com Facebook: www.facebook.com/8zero2 Twitter: @8zero2_in Blog: blog.8zero2.in On 23 Mar 2016, 11:49 +0530, scatmanwalks<scatmanwalks@gmail.com>, wrote:
Hi,
I have LDAP authentication working fine, checked and tested. Incurred a little problem when integrating with the device, because of EAP, but now using two-stage with inner-tunnel to get around this.
Now, all that I'm left with, is how to filter out the users. I have two filters that I want to use from OpenLDAP. They are as follows:
accountStatus enabledService
I want it to check these two variables, and based on the results to accept or reject the users. So, firstly, if accountStatus = active, the user will be accepted. The second variable enabledService = wifi, if this also matches, it means they are allowed to use the WIFI network.
I already have the default filter:
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
so not sure if I just need to edit this appropriately, or another way?
Regards
Ian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mar 23, 2016, at 2:18 AM, scatmanwalks <scatmanwalks@gmail.com> wrote:
I already have the default filter:
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
so not sure if I just need to edit this appropriately, or another way?
The simplest way is just to edit that filter. Alan DeKok.
Never mind, I figured it out. I thought I would need to do some checkReply, receiveReply options however it's not needed. All I had to put in the ldap module was this: filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(accountStatus=active)(enabledService=wifi))" and then it rejected without problems. If someone has both these attributes set, then they can login without problems. So this is good. On 23 March 2016 at 07:18, scatmanwalks <scatmanwalks@gmail.com> wrote:
Hi,
I have LDAP authentication working fine, checked and tested. Incurred a little problem when integrating with the device, because of EAP, but now using two-stage with inner-tunnel to get around this.
Now, all that I'm left with, is how to filter out the users. I have two filters that I want to use from OpenLDAP. They are as follows:
accountStatus enabledService
I want it to check these two variables, and based on the results to accept or reject the users. So, firstly, if accountStatus = active, the user will be accepted. The second variable enabledService = wifi, if this also matches, it means they are allowed to use the WIFI network.
I already have the default filter:
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
so not sure if I just need to edit this appropriately, or another way?
Regards
Ian
participants (3)
-
Alan DeKok -
Anirudh Malhotra -
scatmanwalks