Non Ldap Group members being rejected
tnt at kalik.net
tnt at kalik.net
Sun Feb 8 15:16:03 CET 2009
>At present I am using AD groups to assign roles to my users
>and rejecting users who are not members of the defined groups.
> This is being done via the users file which looks like this:
>
>
>#If you are not in either group, no access is allowed
>#FreeRADIUS 2.1
>
>
>#These are the groups we are checking for Lunar Building staff
>DEFAULT Ldap-Group == "lunar-staff"
> Aruba-User-Role = "employee"
>
>DEFAULT Ldap-Group == "lunar-member"
> Aruba-User-Role = "member"
>
>DEFAULT Ldap-group != "lunar-staff", Auth-Type := Reject
>DEFAULT Ldap-group != "lunar-member", Auth-Type := Reject
>
>#End
>
>I now want to also include guest users whose credentials are in
>a MySQL database, what statement do I need to include in my users file
>to also allow the guest users to authenticate, since my current config
>allows only the Ldap Groups. I did have SQL working before I added the
>reject statements.
>
Add all SQL users to group guests. Then add before reject statements:
DEFAULT SQL-Group == "guests"
and perhaps Aruba-User-Role = "guest".
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list