LDAP redundant with LDAP-Group within users file

up at 3.am up at 3.am
Thu Jun 30 18:29:01 CEST 2011


> Just a gap of our users file, we have 18 default lines and additional 4 for a
> local/PAP user:
>
>
> DEFAULT Auth-Type := LDAP, Huntgroup-Name == consoleserver, LDAP-Group ==
> "<LDAP-GROUP-Team-a>"
>         Login-Service = Telnet
>

FWIW, since it's the LDAP-Group attribute that you're having trouble with, we are
doing LDAP auth with POSIX-style LDAP auth data and I believe it gets around this
by simply using the old "Group" attribute from before we migrated from PAP/unix
(but still gets it from LDAP):

DEFAULT		Group == acme, Pool-Name :="acme_pool", Auth-Type = Ldap

This is a smaller network with 1 fallback LDAP server, and I know that the
fallback is working and I'm pretty sure it passes on the proper group info to
assign the correct IP pool in this case.  It may not work with non-POSIX LDAP
groups though...


