Active directory groups

Phil Mayers p.mayers at imperial.ac.uk
Fri May 20 16:26:29 CEST 2011


On 20/05/11 15:14, Doty, Seth wrote:
> I must be doing something wrong in my filtering because it keeps dumping
> me into unclassified instead of passing the group I assigned. I have
> setup a security group specifically for this test and i am indeed in the
> group.
>
> I set it up like this in sites-enabled/inner-tunnel because it seemed
> this manner was a little more flexible for our needs:
>
> post-auth {
>          if (Ldap-Group == "CN=STNE_Wireless_Authentication,ou=Security
> Groups,ou=test,ou=test,dc=AD,dc=ne,dc=gov") {

This is wrong. You don't give the group DN. You give the value of 
"groupname_attribute" in the ldap module, defaults to "cn", i.e.

post-auth {
   if (Ldap-Group == STNS_Wireless_Authentication) {
     ..
   }
}



More information about the Freeradius-Users mailing list