group authorization
Brendan Kearney
bpk678 at gmail.com
Wed Mar 26 01:01:40 CET 2014
On Tue, 2014-03-25 at 19:47 -0400, Alan DeKok wrote:
> Brendan Kearney wrote:
> > i have edited that file, and played with everything i can think of, or
> > can find to try getting this working.
>
> That is entirely the wrong approach. You don't "play" with things, or
> randomly edit files. You update the LDAP "filter" item with the LDAP
> query string you want to use.
dont be so literal. i changed what looked like it would make a
difference and changed it back when it didnt.
> You know the query string, why not use it in the "filter" configuration?
not sure i do, but more and more i dont think that is the correct place
to be looking.
>
> > for some reason the radiusReplyItem specified as an attribute of the
> > groupOfNames is not being returned to the radius instance:
> >
> > [ldap] looking for reply items in directory...
> > ...
> >
> > the output should be:
> >
> > [ldap] looking for reply items in directory...
> > [ldap] extracted attribute Cisco-AVPair from generic item Cisco-AVPair
> > = "shell:priv-lvl=15"
>
> Yes, that should be there. Unless it can't find the reply items in
> the LDAP directory. Then it won't find then... and it won't print out
> the debug message saying that it found them.
so, how do i make radius query correctly, so that ldap finds what i want
it to?
>
> > i dont know what i should be changing to have the correct query done
> > from the radius side, so that ldap responds with what it already is
> > configured to respond with.
>
> That sentence doesn't make sense.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list