Freeradius + LDAP Group check

Alan DeKok aland at deployingradius.com
Thu Aug 19 02:39:23 CEST 2010


Douglas Caro wrote:
> I'm trying to modify a working configuration to add one more
> authentication service in FreeRadius.

  What's an "authentication service" ?

> I already have one configuration to authenticate users in ldap to use
> wireless network. See the radiusd.conf:

  Please don't post config files.  They're rarely necessary.

> and, the users file:
> 
> users
> ========================================
> DEFAULT Auth-Type := MS-CHAP

  Don't force Auth-Type.  Really.  This is documented in all sorts of
places.

> This is enough to provide access to users in wireless network.

  No, it's not.  Forcing Auth-Type like you did will *prevent* wireless
access.

> I need to add a Radius Auth in Ldap to Switches devices with Group Check.

  No... you want to *retrieve* passwords from LDAP.  LDAP is a database.
 You don't do "RADIUS Auth in LDAP".

> and many instances like groupmembership_filter, groupname_attribute,
> filter, base_filter, access_attr, groupmembership_attribute, but nothing
> do the group check in ldap!

  Read doc/rlm_ldap.  This is on the Wiki, too.

  Alan DeKok.



More information about the Freeradius-Users mailing list