Tricky problem with ldap and primary groups in AD
Alan DeKok
aland at deployingradius.com
Thu Aug 2 00:49:23 CEST 2012
Franks Andy (RLZ) IT Systems Engineer wrote:
> 2) Check the primarygroupid attribute out by mapping it using
> ldap.attrmap and attributes in the dictionary file, but then as far as I
> can tell I can’t use these as checkitems within the users file.
So? See "man unlang". You can write policies directly in the
configuration files.
> It’s
> also tedious to have to know the primarygroupIDs for each group. I’d
> quite like the users file to be the main source of passing radius
> attributes back to clients, but there may be another way?
LDAP makes this difficult.
Alan DeKok.
More information about the Freeradius-Users
mailing list