How configure freeradius that check user group in Microsoft Active Directory

Mathieu Simon (Lists) matsimon.lists at simweb.ch
Thu Jan 23 23:15:53 CET 2014


On 23.01.2014 22:34, Phil Mayers wrote:
> On 23/01/14 20:56, Mathieu Simon (Lists) wrote:
> 
>> 2 AD-specific gotchas:
> 
> I will add a 3rd - primary group does not appear in memberOf, so you
> can't query it very easily.
Right, did you find a way to do this even less easily?

>> - AD supports nested groups which requires extra attention if you rely
>> on them. Look out for LDAP_MATCHING_RULE_IN_CHAIN in conjunction with
>> FreeRADIUS.
> 
> Hey that is both new to me and really neat; someone should update the FR
> wiki and/or default configs with an example.

I've only stumbled across this post and realized that this can become
handy not only in the context of FreeRADIUS - I've used it in a rather
small AD environment - and currently seems to fulfill its duty.

I originally found it here:
http://linax.wordpress.com/2012/07/17/freeradius-check-nested-ldap-group-membership/

Yes, having it in the Wiki or default configs would be cool in case,
currently I can only confirm that it worked for me.


-- Mat
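
Added example, not part of the original message and not code from the FreeRADIUS project: a sketch of the two AD lookups discussed in this thread, building the nested-group filter with the LDAP_MATCHING_RULE_IN_CHAIN OID (with RFC 4515 escaping of the user DN) and, going one step beyond the post, a filter for the primary group derived from the user's `objectSid` and `primaryGroupID`. Function names and the sample DN and SID are constructed for illustration.

```python
import struct

# OID of LDAP_MATCHING_RULE_IN_CHAIN, the AD extensible-match rule for nested membership
IN_CHAIN = "1.2.840.113556.1.4.1941"

def escape_filter_value(value: str) -> str:
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_group_filter(user_dn: str) -> str:
    """Match every group that contains user_dn directly or through nesting."""
    return "(&(objectClass=group)(member:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(user_dn))

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid: revision, sub-authority count,
    48-bit big-endian authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "S-%d-%d" % (raw[0], authority) + "".join("-%d" % s for s in subs)

def primary_group_filter(object_sid: bytes, primary_group_id: int) -> str:
    """The primary group is absent from memberOf; its SID is the user's
    domain SID with the final RID replaced by primaryGroupID."""
    domain_sid = sid_to_str(object_sid).rsplit("-", 1)[0]
    return "(&(objectClass=group)(objectSid=%s-%d))" % (domain_sid, primary_group_id)

# Constructed sample data (not from a real directory)
SAMPLE_DN = "CN=Doe\\, Jane (VPN),OU=Staff,DC=example,DC=org"
SAMPLE_SID = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack(
    "<5I", 21, 1111, 2222, 3333, 1105)

if __name__ == "__main__":
    print(nested_group_filter(SAMPLE_DN))
    print(primary_group_filter(SAMPLE_SID, 513))  # 513 = Domain Users RID
```

The escaping step matters when the DN comes from a directory lookup keyed on the login name: parentheses, asterisks or backslashes in a DN would otherwise change the meaning of the group filter.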


