Freeradius with openldap

Mik J mikydevel at yahoo.fr
Tue Nov 12 17:11:34 CET 2013


Hello Andres,

Thank you for your answer.
I use radiusd version 2.2.0

I found that groupmembership_filter when I googled for some answers but I have set it back to
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})
as it was in the original file

I have enabled the ldap debug but I don't see anything related to the groups and any specific reply if a member belongs to a group.

What should I use for the groupmembership_attribute variable, do I have to replace "radiusGroupName" ?


Regards




Le Mardi 12 novembre 2013 8h25, Andres Septer <andres.septer at gmail.com> a écrit :
 

>
>
>2013/11/12 Mik J <mikydevel at yahoo.fr>
>
>
>>
>>I'm confuse how freeradius will proceed
>>- Search for myuser in the ldap using the account I provided in modules/ldap
>>- Check the users password
>
>
>You can turn on LDAP debug, it helped me a lot. Check last section of ldap module config
><------>#  ldap_debug: debug flag for LDAP SDK
><------>#  (see OpenLDAP documentation).  Set this to enable
><------>#  huge amounts of LDAP debugging on the screen.
><------>#  You should only use this if you are an LDAP expert.
><------>#
><------>#<----->default: 0x0000 (no debugging messages)
><------>#<----->Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
><------>ldap_debug = 0x0028.
>
>
> 
>groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))"
>
>
>My groupmembership filter in 2.1.1 looks like this
>
>
><------>groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))
><------> groupmembership_attribute = radiusGroupName
>
>
>Config syntax seems to hint that you have very old freeradius. Which version?
>
>
> Groups can be checked via LDAP-group variable
>
>
>A.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131112/a7f8f257/attachment.html>


More information about the Freeradius-Users mailing list