Problem with LDAP and Groups
tnt at kalik.co.yu
tnt at kalik.co.yu
Thu Oct 11 22:13:21 CEST 2007
>If I change the fall through to yes it still matches as many groups as the user is in. How can I tell freeradius which attributes to send back?
If you want to send sets of attributes according to the NAS user is
trying to log into use huntgroups.
>For example, bevege is a member of the following groups, packetshapper, cisco_priv_15, cisco_priv_1, linux.
Your group allocation is wrong. You can't have the same user(name) on
the same device having priv levels 1 and 15. Pick one. Or have him log
in as username at 1 and username at 15 and use realms to allocate correct set
of attributes.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list