Ldap Group Membership Requirements

tnt at kalik.co.yu
Wed Jun 20 23:14:26 CEST 2007


DEFAULT   LDAP-Group!="wireless", Auth-Type:=Reject
                 Reply-Message="You are not allowed to connect"

Ivan Kalik
Kalik Informatika ISP

On 20/6/2007, "Cody Jarrett" <cody.jarrett at itfreedom.com> wrote:

>So it will search and find the group, but I can still connect with my
>user even though it isn't in that group. Any ideas on how to keep a user
>from connecting if their account isn't in that group?
>
>
>
>Thibault Le Meur wrote:
>>> Basically trying to
>>> figure out
>>> what I need to add to these lines: groupname_attribute,
>>> groupmembership_filter, and groupmembership_attribute. Also
>>> not sure if
>>> I need to add something to users file like: DEFAULT LDAP-Group ==
>>> "wireless". Can anyone provide input on what I need to
>>> configure, Thanks.
>>>
>>> wireless group in ldap, you can see cjarrett is a member:
>>> dn: cn=wireless,ou=Groups,dc=itfreedom,dc=com
>>> objectClass: posixGroup
>>> cn: wireless
>>> gidNumber: 1011
>>> memberUid: cjarrett
>>>
>>
>> You're using POSIXGroups:
>> groupname_attribute = cn
>> groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))"
>>
>> No groupmembership_attribute.
>>
>>
>> In your users file, for instance:
>> DEFAULT LDAP-Group ==  "wireless" ...
>>
>>
>> See /usr/share/doc/freeradius/rlm_ldap text file.
>>
>> HTH,
>> Thibault
>>
>>
>>
>>
>>
>
>
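Added example, not part of the original messages and not FreeRADIUS code: a simplified Python model of why a `DEFAULT LDAP-Group == "wireless"` entry on its own does not keep non-members out, while the `!=` entry with `Auth-Type := Reject` does. The user `guest1`, the way the group search filter is combined, and the first-match evaluation are assumptions of this model.

```python
# Simplified model (not FreeRADIUS code) of LDAP-Group checks in the users file.

# Constructed directory: the posixGroup entry quoted in the thread.
GROUPS = [
    {"objectClass": "posixGroup", "cn": "wireless", "memberUid": ["cjarrett"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters before placing a name in a filter."""
    out = []
    for ch in value:
        out.append("\\%02x" % ord(ch) if ch in '\\*()\x00' else ch)
    return "".join(out)

def group_search_filter(group, user):
    """Assumed search: (&(groupname_attribute=GROUP)(groupmembership_filter))."""
    member = "(&(objectclass=posixGroup)(memberUid=%s))" % escape_filter_value(user)
    return "(&(cn=%s)%s)" % (escape_filter_value(group), member)

def in_ldap_group(group, user):
    """Evaluate that search against the constructed directory."""
    return any(g["objectClass"] == "posixGroup" and g["cn"] == group
               and user in g["memberUid"] for g in GROUPS)

def decide(entries, user):
    """Walk DEFAULT entries in order; the first whose check matches applies.
    Assumes the password was already verified and no Fall-Through is set."""
    for op, group, auth_type in entries:
        member = in_ldap_group(group, user)
        if (op == "==" and member) or (op == "!=" and not member):
            return "Access-Reject" if auth_type == "Reject" else "Access-Accept"
    return "Access-Accept"   # no entry matched, so nothing forced a reject

# DEFAULT LDAP-Group == "wireless"   (matching rule only)
MATCH_ONLY = [("==", "wireless", None)]
# DEFAULT LDAP-Group != "wireless", Auth-Type := Reject   (rule from the reply)
REJECT_OTHERS = [("!=", "wireless", "Reject")]

if __name__ == "__main__":
    for user in ("cjarrett", "guest1"):   # guest1 is a constructed non-member
        print(user, group_search_filter("wireless", user),
              decide(MATCH_ONLY, user), decide(REJECT_OTHERS, user))
```

The printed filter can be pasted into an LDAP search against the group base DN to confirm that the directory returns the group for a member and nothing for a non-member.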



