Freeradius with openldap
Andres Septer
andres.septer at gmail.com
Tue Nov 12 08:25:42 CET 2013
2013/11/12 Mik J <mikydevel at yahoo.fr>
>
> I'm confuse how freeradius will proceed
> - Search for myuser in the ldap using the account I provided in
> modules/ldap
> - Check the users password
>
You can turn on LDAP debug, it helped me a lot. Check last section of ldap
module config
<------># ldap_debug: debug flag for LDAP SDK
<------># (see OpenLDAP documentation). Set this to enable
<------># huge amounts of LDAP debugging on the screen.
<------># You should only use this if you are an LDAP expert.
<------>#
<------>#<----->default: 0x0000 (no debugging messages)
<------>#<----->Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
<------>ldap_debug = 0x0028.
> groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))"
>
My groupmembership filter in 2.1.1 looks like this
<------>groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))
<------> groupmembership_attribute = radiusGroupName
Config syntax seems to hint that you have very old freeradius. Which
version?
Groups can be checked via LDAP-group variable
A.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131112/aac21f3d/attachment.html>
More information about the Freeradius-Users
mailing list