Freeradius with openldap

Andres Septer andres.septer at gmail.com
Tue Nov 12 08:25:42 CET 2013


2013/11/12 Mik J <mikydevel at yahoo.fr>

>
> I'm confused how freeradius will proceed
> - Search for myuser in the ldap using the account I provided in
> modules/ldap
> - Check the users password
>

You can turn on LDAP debug; it helped me a lot. Check the last section of the
ldap module config:
        #  ldap_debug: debug flag for LDAP SDK
        #  (see OpenLDAP documentation).  Set this to enable
        #  huge amounts of LDAP debugging on the screen.
        #  You should only use this if you are an LDAP expert.
        #
        #       default: 0x0000 (no debugging messages)
        #       Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
        ldap_debug = 0x0028



> groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))"
>

My groupmembership filter in 2.1.1 looks like this:

        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
        groupmembership_attribute = radiusGroupName

Config syntax seems to hint that you have very old freeradius. Which
version?

Groups can be checked via the LDAP-group variable.

A.
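
Added example, not part of the original message and not FreeRADIUS code: a stand-alone check that a groupmembership_filter template is well-formed, followed by the %u / %{...} substitution with RFC 4515 escaping, as a way to see the string the directory would be searched with. The function names and the sample DN are constructed for illustration; %u is taken to mean User-Name.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_VAR = re.compile(r"%\{([^}]+)\}|%u")

# The two filters discussed in the thread.
QUOTED = "(&(objectclass=posixGroup)(memberUid=%u))"
FIXED = ("(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))"
         "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))")
POSTED = FIXED[:-1]  # one ")" short, to show the check failing


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(ldap_filter):
    """True if the filter is exactly one correctly nested parenthesised term."""
    depth = 0
    for i, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth <= 0 and i != len(ldap_filter) - 1:
            return False  # closed too early, or text outside the outer term
    return depth == 0 and ldap_filter.startswith("(")


def expand(template, attrs):
    """Substitute %u and %{name} with escaped values from attrs.

    attrs is a constructed stand-in for the request/control attributes.
    """
    if not is_balanced(template):
        raise ValueError("unbalanced parentheses in filter template")
    return _VAR.sub(
        lambda m: escape_filter_value(attrs[m.group(1) or "User-Name"]), template)


if __name__ == "__main__":
    print(expand(QUOTED, {"User-Name": "myuser"}))
    # Constructed DN containing parentheses, which must be escaped.
    dn = "cn=J. Smith (ops),ou=people,dc=example,dc=org"
    print(expand(FIXED, {"control:Ldap-UserDn": dn}))
    print("POSTED balanced?", is_balanced(POSTED))
```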