Combining LDAP authentication and UNIX groups
Alan DeKok
aland at deployingradius.com
Wed Oct 18 18:41:28 CEST 2006
Paul Stepowski <p.stepowski at qut.edu.au> wrote:
> Is it possible to authenticate users against LDAP and also check if
> the username exists in a local UNIX group.
Yes. But you really don't need to authenticate against LDAP.
Configure the server to pull the cleartext password from LDAP, and the
server will figure it out...
> I tried to combine these two in various way, e.g.
>
> - ---snip---
> DEFAULT Group == "paul", Auth-Type = LDAP,
> Fall-Through = No
> - ---snip---
>
> But I couldn't get this to work, probably because LDAP has no concept of a
> "Group".
Huh? No.
That configuration will work IF the user is in a local Unix group.
And PLEASE read the FAQ for questions like "it doesn't work".
You're going out of your way to avoid giving information that may
enable people to help you.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list