Tricky problem with ldap and primary groups in AD

Alan DeKok aland at
Thu Aug 2 00:49:23 CEST 2012

Franks Andy (RLZ) IT Systems Engineer wrote:
> 2)      Check the primarygroupid attribute out by mapping it using
> ldap.attrmap and attributes in the dictionary file, but then as far as I
> can tell I can’t use these as checkitems within the users file.

  So?  See "man unlang".  You can write policies directly in the
configuration files.

> It’s
> also tedious to have to know the primarygroupIDs for each group. I’d
> quite like the users file to be the main source of passing radius
> attributes back to clients, but there may be another way?

  LDAP makes this difficult.

  Alan DeKok.

More information about the Freeradius-Users mailing list