group authorization

Alan DeKok aland at
Wed Mar 26 01:40:02 CET 2014

Brendan Kearney wrote:
> don't be so literal.  i changed what looked like it would make a
> difference and changed it back when it didn't.

  Then say that.  The only way I know what you're doing is when you say so.

>>   You know the query string, why not use it in the "filter" configuration?
> not sure i do, but more and more i don't think that is the correct place
> to be looking.

  Why?  The "filter" configuration item is the *only* place where the
LDAP "uid" search string is set.  Editing anything else won't help.

> so, how do i make radius query correctly, so that ldap finds what i want
> it to?

  Read the documentation and configure it as required.

  This isn't hard.  Configure the "filter" item with the LDAP search
string you need.  If it doesn't work, read the debug output.  It will
show either an error, or that the user information wasn't found.  It's
just an LDAP search string... so if the user wasn't found, fix the string.

  The FreeRADIUS debug mode prints out the LDAP searches it's doing, so
you can re-run the searches manually.  Use them in "ldapsearch".

  The problem as I see it is you're saying "I did a bunch of stuff".
But you're not saying *exactly* what you did, or what happened.  These
are computers... they are blatantly literal.  Vague statements like "I
tried things" aren't good enough.

  Alan DeKok.
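
Added example (not part of the original message, and not FreeRADIUS code): one way to pull the LDAP searches out of saved debug output and turn each into an "ldapsearch" command to re-run by hand, as the reply suggests. The debug line wording, the sample lines, the server URI and the bind DN are all constructed assumptions; adjust the pattern to what your server actually prints.

```python
import re
import shlex

# Constructed debug excerpt. The message wording is an assumption modelled on
# the LDAP module's "performing search" line; adjust SEARCH_RE to your output.
SAMPLE_DEBUG = """\
[ldap] performing user authorization for bob
[ldap] performing search in ou=people,dc=example,dc=com, with filter (uid=bob)
[ldap] object not found
[ldap] performing search in ou=groups,dc=example,dc=com, with filter (&(cn=vpn)(memberUid=bob))
"""

SEARCH_RE = re.compile(
    r"performing search in (?P<base>.+?),? with filter (?P<filter>\(.*\))\s*$",
    re.IGNORECASE,
)


def extract_searches(debug_text):
    """Return a (base_dn, filter) tuple for each LDAP search that was logged."""
    searches = []
    for line in debug_text.splitlines():
        match = SEARCH_RE.search(line)
        if match:
            searches.append((match.group("base").strip(), match.group("filter")))
    return searches


def ldapsearch_command(base_dn, ldap_filter,
                       uri="ldap://ldap.example.com",          # placeholder
                       bind_dn="cn=radius,dc=example,dc=com"):  # placeholder
    """Build a shell-quoted ldapsearch line; -W prompts for the bind password."""
    # Subtree scope is assumed here; use the scope your configuration sets.
    argv = ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", base_dn, "-s", "sub", ldap_filter]
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    for base, flt in extract_searches(SAMPLE_DEBUG):
        print(ldapsearch_command(base, flt))
```

If the re-run search returns nothing, the string in the "filter" item is what needs fixing; if it returns the entry, compare the bind DN and base DN with the ones the server used.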