group authorization

Brendan Kearney bpk678 at
Wed Mar 26 01:01:40 CET 2014

On Tue, 2014-03-25 at 19:47 -0400, Alan DeKok wrote:
> Brendan Kearney wrote:
> > i have edited that file, and played with everything i can think of, or
> > can find to try getting this working.
>   That is entirely the wrong approach.  You don't "play" with things, or
> randomly edit files.  You update the LDAP "filter" item with the LDAP
> query string you want to use.
dont be so literal.  i changed what looked like it would make a
difference and changed it back when it didnt.

>   You know the query string, why not use it in the "filter" configuration?
not sure i do, but more and more i dont think that is the correct place
to be looking.

> > for some reason the radiusReplyItem specified as an attribute of the
> > groupOfNames is not being returned to the radius instance:
> > 
> > [ldap] looking for reply items in directory...
> > ...
> > 
> > the output should be:
> > 
> > [ldap] looking for reply items in directory...
> >   [ldap] extracted attribute Cisco-AVPair from generic item Cisco-AVPair
> > = "shell:priv-lvl=15"
>   Yes, that should be there.  Unless it can't find the reply items in
> the LDAP directory.  Then it won't find then... and it won't print out
> the debug message saying that it found them.
so, how do i make radius query correctly, so that ldap finds what i want
it to?
> > i dont know what i should be changing to have the correct query done
> > from the radius side, so that ldap responds with what it already is
> > configured to respond with.
>   That sentence doesn't make sense.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list