Freeradius 1.X.X and LDAP groups.
Matthieu Lazaro
matthieu.lazaro at eservglobal.com
Thu Sep 10 10:05:38 CEST 2009
Hello,
In your LDAP config in radius, groupmembership_attribute = should
correspond to the attribute name in your LDAP where you specify the
group "it".
And groupname_attribute should match in a standard config radiusGroupName.
This is how it works on my config.
Regards,
Matt
Michael March wrote:
> I've been playing around with this all day and I'm stumped.
>
> Does anyone have a config for ANY version of FreeRadius that works
> with LDAP groups?
>
>>
>> ========= /etc/raddb/users ===========
>>
>>
>> DEFAULT Auth-Type = LDAP
>>         Fall-Through = 1
>>
>> DEFAULT LDAP-Group == it
>>         Service-Type = Administrative-User
>>
>>
>> ========= /etc/raddb/radiusd.conf ===========
>>
>> ldap {
>> server = "192.168.150.140"
>> identity = "uid=admin,ou=People,dc=acme,dc=com"
>> password = "BadPass"
>> basedn = "dc=acme,dc=com"
>> filter = "(uid=%u)"
>> # base_filter = "(objectclass=radiusprofile)"
>>
>> start_tls = no
>>
>> # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
>> # profile_attribute = "radiusProfileDn"
>> access_attr = uid
>>
>> # Mapping of RADIUS dictionary attributes to LDAP
>> # directory attributes.
>> dictionary_mapping = ${raddbdir}/ldap.attrmap
>>
>> ldap_connections_number = 5
>>
>> groupname_attribute = cn
>> groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
>> groupmembership_attribute = it
>> timeout = 4
>> timelimit = 3
>> net_timeout = 1
>> compare_check_items = yes
>> # do_xlat = yes
>> access_attr_used_for_allow = yes
>> }
>>
>>
>>
>
>
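Added illustration, not part of the original thread and not FreeRADIUS code: a simplified Python model of the two group lookups that the ldap settings in this thread describe. It shows why a group name placed in groupmembership_attribute cannot match. The directory entries, the use of radiusGroupName on the user entry, and all function names are assumptions made for the example.

```python
# Simplified model (an assumption, not FreeRADIUS source) of how "LDAP-Group == it"
# can be satisfied. DIRECTORY is constructed sample data keyed by DN.
PEOPLE = "ou=People,dc=acme,dc=com"
DIRECTORY = {
    f"uid=alice,{PEOPLE}": {"uid": ["alice"], "radiusGroupName": ["it"]},
    f"uid=bob,{PEOPLE}": {"uid": ["bob"]},
    "cn=it,ou=Groups,dc=acme,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["it"],
        "member": [f"uid=bob,{PEOPLE}"],
    },
}
# Settings as posted in the thread, and with the user-entry attribute corrected.
POSTED = {"groupname_attribute": "cn", "groupmembership_attribute": "it"}
FIXED = {"groupname_attribute": "cn", "groupmembership_attribute": "radiusGroupName"}


def values(entry, attr):
    """Values of attr in entry; LDAP attribute names are case-insensitive."""
    for name, vals in entry.items():
        if name.lower() == attr.lower():
            return [v.lower() for v in vals]
    return []


def ldap_group_matches(user_dn, group, cfg, directory=DIRECTORY):
    """Return which lookup matched ('filter' or 'user-attribute'), else None."""
    group = group.lower()
    name_attr = cfg["groupname_attribute"]
    # Path 1: a groupOfNames entry named <group> lists the user as member,
    # i.e. (&(cn=<group>)(objectClass=GroupOfNames)(member=<user DN>)).
    for entry in directory.values():
        if ("groupofnames" in values(entry, "objectClass")
                and group in values(entry, name_attr)
                and user_dn.lower() in values(entry, "member")):
            return "filter"
    # Path 2: groupmembership_attribute names an attribute on the USER entry
    # whose values are group names, or group DNs resolved via name_attr.
    user = directory.get(user_dn, {})
    for val in values(user, cfg["groupmembership_attribute"]):
        by_dn = {dn.lower(): e for dn, e in directory.items()}.get(val, {})
        if val == group or group in values(by_dn, name_attr):
            return "user-attribute"
    return None


if __name__ == "__main__":
    for who in ("alice", "bob"):
        dn = f"uid={who},{PEOPLE}"
        print(who, ldap_group_matches(dn, "it", POSTED), ldap_group_matches(dn, "it", FIXED))
```

In this model alice is granted the group only once groupmembership_attribute names the attribute that carries "it" on her entry, while bob matches through the member filter under either setting.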