Problem with LDAP and Groups

tnt at tnt at
Thu Oct 11 22:13:21 CEST 2007

>If I change the fall through to yes it still matches as many groups as the user is in. How can I tell freeradius which attributes to send back?

If you want to send sets of attributes according to the NAS user is
trying to log into use huntgroups.

>For example, bevege is a member of the following groups, packetshapper, cisco_priv_15, cisco_priv_1, linux. 

Your group allocation is wrong. You can't have the same user(name) on
the same device having priv levels 1 and 15. Pick one. Or have him log
in as username at 1 and username at 15 and use realms to allocate correct set
of attributes.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list