Authenticating against LDAP, specific group
Peter Lambrechtsen
plambrechtsen at gmail.com
Wed Aug 4 01:46:06 CEST 2010
This is how I have done it:
http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html
Works a treat for me.
On Wed, Aug 4, 2010 at 11:27 AM, Cory Johnson <cjohnson at commspeed.net> wrote:
> Greetings,
>
> I am running FreeRADIUS 2.1.8 on Ubuntu 8.04, attempting to use the ldap
> module. I only want to authenticate users in a certain group. These groups
> exist in LDAP as a "posixGroup" with a "memberUID" list. As I have it
> configured currently, I get an "Access-Accept" for any user in the
> directory.
>
> The ldap module is configured as such:
>
> ldap {
>     server = "192.168.1.99"
>     identity = "cn=admin,dc=corp,dc=example,dc=com"
>     password = s3cret
>     basedn = "dc=corp,dc=example,dc=com"
>     filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>
>     ldap_connections_number = 5
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
>
>     tls {
>         start_tls = no
>     }
>
>     dictionary_mapping = ${confdir}/ldap.attrmap
>     edir_account_policy_check = no
>
>     groupname_attribute = cn
>     groupmembership_attribute = NOC
>     groupmembership_filter = (&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))
> }
>
> I've also seen recommendations to add something like this to the users file:
> DEFAULT LDAP-Group == NOC
>         Service-Type = Administrative-User
>
> Now I can see the service-type displayed when I do a radtest using the
> username/password of users in the "NOC" group, but I still see an
> "Access-Accept" for users who are not in the group.
>
> How can I make the server reject users that aren't in the NOC group? Any
> hints would be fantastic.
>
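As an added illustration (not taken from the linked post or written by either poster), this is one common users-file arrangement for rejecting non-members. It assumes FreeRADIUS 2.x with both `files` and `ldap` listed in the `authorize` section, and the group name NOC from the question; the Reply-Message text is made up for the example.

```text
# raddb/users -- added example, not from the thread

# As posted in the question: this entry only adds a reply attribute for
# NOC members. A user outside the group matches nothing here, so no
# entry rejects them and any user who authenticates is still accepted.
#
#   DEFAULT LDAP-Group == NOC
#           Service-Type = Administrative-User

# Group-restricted version. Entries are evaluated top to bottom and
# processing stops at the first match (there is no Fall-Through), so
# NOC members never reach the second entry. The group lookup itself
# uses groupname_attribute and groupmembership_filter from the ldap
# module configuration.
DEFAULT Ldap-Group == "NOC"
        Service-Type = Administrative-User

# Every request that did not match the NOC entry lands here.
DEFAULT Auth-Type := Reject
        Reply-Message = "Not a member of the NOC group"
```

Running radtest with a user outside the group should then return Access-Reject, and the server's debug output shows which users-file entry matched.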