Freeradius + LDAP Group check
Alan DeKok
aland at deployingradius.com
Thu Aug 19 02:39:23 CEST 2010
Douglas Caro wrote:
> I'm trying to modify a working configuration to add one more
> authentication service in FreeRadius.
What's an "authentication service" ?
> I already have one configuration to authenticate users in ldap to use
> wireless network. See the radiusd.conf:
Please don't post config files. They're rarely necessary.
> and, the users file:
>
> users
> ========================================
> DEFAULT Auth-Type := MS-CHAP
Don't force Auth-Type. Really. This is documented in all sorts of
places.
> This is enough to provide access to users in wireless network.
No, it's not. Forcing Auth-Type like you did will *prevent* wireless
access.
> I need to add a Radius Auth in Ldap to Switches devices with Group Check.
No... you want to *retrieve* passwords from LDAP. LDAP is a database.
You don't do "RADIUS Auth in LDAP".
> and many instances like groupmembership_filter, groupname_attribute,
> filter, base_filter, access_attr, groupmembership_attribute, but nothing
> do the group check in ldap!
Read doc/rlm_ldap. This is on the Wiki, too.
Alan DeKok.
More information about the Freeradius-Users
mailing list