ads questions and multiple values
liz
liz at unixgrrl.net
Sat Apr 8 09:07:28 CEST 2006
Greetings,
A few more questions :)
I've now gone through the book (I feel like such a snob reading it
on the bus ==) and have a better understanding of how FreeRADIUS
works. I have gotten it to search for an attribute in LDAP and return
it to the NAS. What I would like to do is to have it be able to query
the memberOf attribute in the Active Directory server and then
verify if the user is in any of those groups and then permit access
based on that membership. Here's what I'm wondering:
a) When I query the attribute it returns multiple cn=... results. In
the debug log I see it setting this as xxx.xxxx which is understood
by our NAS equipment. It does it four times, but in the reply packet
I only see it sending one and not four. Am I correct to assume that
it will only send one of the responses to the NAS?
b) I think I can use the users file to determine which group the user
is a member of and then have it send an attribute back to the NAS
telling it which role to set. Is the attribute returning multiple
groups a problem (not multiple attributes, one attribute with several bits
of data separated by a delimiter)?
c) Can I strip the leading cn= bit from the response the LDAP server
sends (I saw an article somewhere about using an operator in the
LDAP.attrmap file) and once that's done can it use the groups
returned in the users file?
Thanks!
Liz