Global User Blacklist
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 31 14:41:53 CEST 2012
On 31/07/12 13:26, David Aldwinckle wrote:
> Hello,
>
> I figure that other people might benefit from this too, so...
>
> I was correct in my previous message. I added ldap to the authorize
> section of the inner tunnel, and did the group checking in the
> post-auth of the default server and everything worked wonderfully.

This isn't working for the reasons you seem to think.

The syntax:

    if (Ldap-Group == xx)

...performs a dynamic search against the LDAP directory for the user &
group membership.

If you're doing this in the "default" post-auth, you're running LDAP
twice - once in the "inner-tunnel" authorize section, and once in the
"default" post-auth.