Freeradius 1.X.X and LDAP groups.
Michael March
mmarch at gmail.com
Thu Sep 10 22:49:54 CEST 2009
This worked great.
thanks!
On Thu, Sep 10, 2009 at 1:12 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Michael March wrote:
>> I've been playing around with this all day and I'm stumped.
>
> Please read the "man" page for the "users" file.
>
>> Does anyone have a config for ANY version of FreeRadius that works
>> with LDAP groups?
>
> Yes.
>
>>
>> On Tue, Sep 8, 2009 at 11:17 PM, Michael March wrote:
>>> The scoop is I'm using Freeradius 1.1.3 under RHEL/Centos 5.2 and I'm
>>> trying to get authentication working so FreeRadius will authenticate a
>>> user ONLY if they are in a certain LDAP group. In this case that
>>> group is called 'it'.
>
> That's simple enough.
>
>>> DEFAULT Auth-Type = LDAP
>>>         Fall-Through = 1
>>>
>>> DEFAULT LDAP-Group == it
>>>         Service-Type = Administrative-User
>
> That configuration does NOT match your requirements. It:
>
> a) sets authentication to LDAP
> b) adds Service-Type... for users in the "it" LDAP group
>
> It's really that simple.
>
> What you want is:
>
> a) for users in "it" group, set LDAP authentication
> b) reject everyone else
>
> i.e. For (a), put the configuration in ONE entry in the "users" file.
>
> DEFAULT LDAP-Group == "it", Auth-Type = LDAP
> # NO FALL-THROUGH
>
> DEFAULT Auth-Type := Reject
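
The matching behaviour discussed in this thread, as an added example (not part of either poster's message and not FreeRADIUS code): a simplified Python model of how the "users" file is walked top to bottom, run against both configurations. The dictionary layout, the function names and the `sales` group are assumptions made for illustration.

```python
# Simplified model of how FreeRADIUS walks the "users" file, top to bottom.
# Only the pieces used in this thread are modelled: an LDAP-Group check,
# the Auth-Type control item with "=" and ":=", and Fall-Through.

def evaluate(entries, user_groups):
    """Return (auth_type, reply) for a user who belongs to user_groups."""
    auth_type, reply = None, {}
    for entry in entries:
        group = entry.get("ldap_group")        # None means a plain DEFAULT
        if group is not None and group not in user_groups:
            continue                           # check item failed, try next entry
        op, value = entry.get("auth_type", (None, None))
        if op == ":=" or (op == "=" and auth_type is None):
            auth_type = value                  # ":=" overrides, "=" sets if unset
        reply.update(entry.get("reply", {}))
        if not entry.get("fall_through", False):
            break                              # first match wins
    return auth_type, reply

# The configuration from the original question.
ORIGINAL = [
    {"auth_type": ("=", "LDAP"), "fall_through": True},
    {"ldap_group": "it", "reply": {"Service-Type": "Administrative-User"}},
]

# The configuration from the reply.
CORRECTED = [
    {"ldap_group": "it", "auth_type": ("=", "LDAP")},
    {"auth_type": (":=", "Reject")},
]

def report():
    """Auth-Type chosen for a member and a non-member under each config."""
    rows = []
    for name, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for groups in (["it"], ["sales"]):     # constructed sample users
            rows.append((name, groups[0], evaluate(cfg, groups)[0]))
    return rows

if __name__ == "__main__":
    for name, group, auth_type in report():
        print(f"{name:9} group={group:5} Auth-Type={auth_type}")
```

Under the original entries a user outside "it" still ends up with Auth-Type LDAP and only misses the Service-Type reply; under the corrected entries the same user falls to the final DEFAULT and is rejected.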