Freeradius 1.X.X and LDAP groups.

Thu Sep 10 11:27:53 CEST 2009

Hi all ,
I am on the same problem ...and I wanna say one thing:
DEFAULT  LDAP-Group == "it",* Auth-Type = LDAP* ....doesn't work (as it
mentioned in etc/radb/modules/ldap file ...That's all!!!
freeradiusServer  2.1.6

2009/9/10 Alan DeKok <aland at deployingradius.com>

> Michael March wrote:
> > I've been playing around with this all day and I'm stumped.
>
>   Please read the "man" page for the "users" file.
>
> > Does anyone have a config for ANY version of FreeRadius that works
> > with LDAP groups?
>
>   Yes.
>
> >
> > On Tue, Sep 8, 2009 at 11:17 PM, Michael March wrote:
> >> The scoop is I'm using Freeradius 1.1.3 under RHEL/Centos 5.2 and I'm
> >> trying to get authentication working so FreeRadius will authenticate a
> >> user OLNY if they are in a certain LDAP group.. In this case that
> >> group is called 'it'.
>
>   That's simple enough.
>
> >> DEFAULT Auth-Type = LDAP
> >>         Fall-Through = 1
> >>
> >> DEFAULT LDAP-Group == it
> >>         Service-Type = Administrative-User
>
>   That configuration does NOT match your requirements.  It:
>
>   a) sets authentication to LDAP
>   b) adds Service-Type... for users in the "it" LDAP group
>
>  It's really that simple.
>
>  What you want is:
>
>   a) for users in "it" group, set LDAP authentication
>   b) reject everyone else
>
>  i.e. For (a), put the configuration in ONE entry in the "users" file.
>
> DEFAULT  LDAP-Group == "it", Auth-Type = LDAP
> # NO FALL-THROUGH
>
> DEFAULT Auth-Type := Reject
>
>  Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

-- 
JJohnny R.
Phone: +212663682554, +212533158575
Tangier National School of Applied Sciences
ZIP 1818 TANGIER 90000
---------Morocco ---------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090910/fad0fe0f/attachment.html>