AW: Freeradius vs. ActiveDirectory
Völker, Christian
Christian.Voelker at qsc.de
Mon Nov 14 13:07:11 CET 2005
Yohoo!
>LDAP advantage is that you can get more information out of
>the AD...which is what I believe is the desire in this case
Gotcha! :)
My Google searches had driven me in the direction of using _only_ ntlm_auth for authentication vs. AD.
Meanwhile I have also figured out the needed group settings.
Just for completeness, the settings for the groups:
----snip-------
/etc/raddb/radiusd.conf
[...]
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(& (objectClass=top)(uniquemember=%{Ldap-UserDn})))"
groupmembership_attribute = memberOf
[...]
----snip-------
/etc/raddb/users
DEFAULT Ldap-Group == "Cisco-RW"
        Auth-Type := LDAP
DEFAULT Ldap-Group == "Cisco-RO"
        Auth-Type := LDAP
DEFAULT Auth-Type := Reject
        Reply-Message = "No access."
----snip-------
Works fine here. Is there a need for a short howto for doc/?
Greets
Christian
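
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the group check configured above, which expands %{Ldap-UserDn} in the posted groupmembership_filter (with RFC 4515 escaping), evaluates the filter against constructed group entries, and then applies the three DEFAULT entries in order. It assumes that a matching Ldap-Group entry results in Auth-Type LDAP, evaluates the filter locally instead of querying a directory, and uses made-up DNs under DC=example,DC=test.

```python
import re
# Filter string as it appears in the radiusd.conf snippet of the post.
GROUP_FILTER = ('(|(&(objectClass=group)(member=%{Ldap-UserDn}))'
                '(& (objectClass=top)(uniquemember=%{Ldap-UserDn})))')
# Constructed sample group entries (not from the post).
DIRECTORY = [
    {'cn': ['Cisco-RW'], 'objectclass': ['top', 'group'],
     'member': ['CN=Alice (Net),OU=Staff,DC=example,DC=test']},
    {'cn': ['Cisco-RO'], 'objectclass': ['top', 'groupOfUniqueNames'],
     'uniquemember': ['CN=Bob,OU=Staff,DC=example,DC=test']},
    {'cn': ['Helpdesk'], 'objectclass': ['top', 'group'],
     'member': ['CN=Carol,OU=Staff,DC=example,DC=test']},
]

def escape_filter_value(value):
    """RFC 4515 escaping, so ( ) * and \\ in a DN stay literal in the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def parse(f, i=0):
    """Parse the filter starting at f[i]; handles &, | and equality only."""
    if f[i + 1] in '&|':
        op, i, kids = f[i + 1], i + 2, []
        while f[i] in ' (':          # the posted filter has a space after '&'
            if f[i] == ' ':
                i += 1
            else:
                kid, i = parse(f, i)
                kids.append(kid)
        return (op, kids), i + 1
    end = f.index(')', i)            # escaped values contain no literal ')'
    attr, value = f[i + 1:end].split('=', 1)
    value = re.sub(r'\\([0-9a-f]{2})', lambda m: chr(int(m.group(1), 16)), value)
    return ('=', attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == '=':               # case-insensitive equality on any value
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == '&' else any(results)

def user_groups(user_dn):
    flt = GROUP_FILTER.replace('%{Ldap-UserDn}', escape_filter_value(user_dn))
    return {e['cn'][0] for e in DIRECTORY if matches(parse(flt)[0], e)}

def decide(user_dn):
    """First matching DEFAULT entry wins, in the order of the users file."""
    if user_groups(user_dn) & {'Cisco-RW', 'Cisco-RO'}:
        return ('LDAP', None)
    return ('Reject', 'No access.')
```

A user who is only in a group other than Cisco-RW or Cisco-RO falls through to the last DEFAULT entry and gets the "No access." reply.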