LDAP Config Clarification
Jason Frisvold
xenophage0 at gmail.com
Tue Mar 17 19:56:59 CET 2009
tnt at kalik.net wrote:
> Remove those entries in users file. They are bypassing password checking.
> If you want to accept only some ldap groups use unlang. Something like:
>
> if(Ldap-Group == something || Ldap-Group == something_else) {
>     ok
> }
> else {
>     update control {
>         Auth-Type := Reject
>     }
> }
Yeah.. that may be a problem. Does freeradius 1.1.3 support unlang?
This is a RHEL 5.3 install... I'm not aware of a trustable source for
2.x RPMs ...
> Example is the default group membership query in raddb/modules/ldap.
I *think* that's what I have already.
> Yes. Auth-Type LDAP needs to be set. If you force Auth-Type Accept in
> users file this will never be used.
Hrm... ok, understood.. So I need to figure out how to require the vpn
group and reject if it isn't there...
> Ivan Kalik
> Kalik Informatika ISP
--
---------------------------
Jason Frisvold
xenophage0 at gmail.com
---------------------------
"I love deadlines. I like the whooshing sound they make as they fly by."
- Douglas Adams
More information about the Freeradius-Users mailing list