LDAP Groups to Freeradius and then Ruckus Wireless?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jun 5 12:39:50 CEST 2014
On 5 Jun 2014, at 10:52, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:
>> Is rlm_cache the answer to my problems? If so, should I just call it in
>> authorize in inner-tunnel after ldap and then to retrieve in default server
>> post-auth? Or when/how? And if not, any other solutions to this?
>
> After a few trial-and-error runs, I've gotten it to work. For the record,
> this is my config:
>
> mods-enabled/cache:
>
> update {
>
> }
If you upgrade to v3.0.x HEAD it can be made even simpler.
mods-available/cache:
    update {
        control:LDAP-Group += &control:LDAP-Group
        <additional LDAP password attributes you need>
    }
sites-enabled/inner-tunnel:
    authorize {
        [...]
        update control {
            Cache-Read-Only := yes
        }
        cache
        if (notfound) {
            ldap
            cache
        }
        [...]
    }
That's actually significantly more efficient, as it guarantees there will only ever be one call out to LDAP for the entire EAP authentication.
Well done for getting it working :)
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
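The lookup order in the inner-tunnel snippet above, modelled in Python as an added example; it is not part of the original message and is not FreeRADIUS code. Assumptions: the `Cache` and `Ldap` classes are hypothetical stand-ins, the cache is keyed on user name and returns `ok` on a hit, `notfound` on a read-only miss and `updated` on insert, authorize runs once per EAP round, and the directory data is constructed.

```python
# Constructed sample directory: user -> LDAP groups.
DIRECTORY = {"alice": ["staff", "wifi-admins"]}

class Ldap:
    """Stand-in for the ldap module; counts how often it is queried."""
    def __init__(self, directory):
        self.directory, self.calls = directory, 0

    def call(self, user, control):
        self.calls += 1
        control["LDAP-Group"] = list(self.directory.get(user, []))

class Cache:
    """Simplified model of the cache module (assumed return codes)."""
    def __init__(self, ttl):
        self.ttl, self.entries = ttl, {}

    def call(self, user, control, now, read_only=False):
        entry = self.entries.get(user)
        if entry and entry["expires"] > now:
            # Hit: merge cached values into control (the += in the update block).
            control.setdefault("LDAP-Group", []).extend(entry["groups"])
            return "ok"
        if read_only:
            # Cache-Read-Only := yes, so a miss creates no entry.
            return "notfound"
        # Miss without read-only: store whatever control holds right now.
        self.entries[user] = {"groups": list(control.get("LDAP-Group", [])),
                              "expires": now + self.ttl}
        return "updated"

def authorize(user, cache, ldap, now):
    """One pass through authorize: cache, then ldap + cache on notfound."""
    control = {}  # each request starts with an empty control list
    if cache.call(user, control, now, read_only=True) == "notfound":
        ldap.call(user, control)
        cache.call(user, control, now)
    return control

def eap_session(user, rounds, cache, ldap, start=0):
    """Run `rounds` authorize passes one second apart; return groups per pass."""
    return [authorize(user, cache, ldap, start + i).get("LDAP-Group", [])
            for i in range(rounds)]

if __name__ == "__main__":
    cache, ldap = Cache(ttl=10), Ldap(DIRECTORY)
    print(eap_session("alice", 5, cache, ldap), "LDAP calls:", ldap.calls)
```

In this model, dropping `read_only=True` from the first lookup makes the miss store an empty group list before `ldap` has run, and later rounds then hit that empty entry.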