Freeradius How to integrate Active Directory and return groupattribute to VPN Concentrator
Dusty Doris
freeradius at mail.doris.cc
Fri Dec 2 19:11:10 CET 2005
On Wed, 30 Nov 2005, Alhagie Puye wrote:
> Ok, So I played around some more with the settings.
>
> Actually "group" and "groupofnames" are not correct attributes for user.
>
> It is supposed to be "memberof". So I changed line in ldap.attrmap to
> look like:
>
> replyItem Class memberof
>
> Now I'm getting replyItems but the data looks like garbage. I want it to
> return the group name.
>
You are returning CN as the class in your radius packet.
Class = CN
Class is not a string, its an octet so what you are seeing 434e is really
CN. You must be returning something like
memberof: CN=somegroup,ou=someou,...
It seems like rlm_ldap is stripping anything after that = sign. You
should check the bugs db and see if you can find something like this.
More information about the Freeradius-Users
mailing list