group authorization
Brendan Kearney
bpk678 at gmail.com
Wed Mar 26 02:24:18 CET 2014
> Why? The "filter" configuration item is the *only* place where the
> LDAP "uid" search string is set. Editing anything else won't help.
the uid vs dn may not be the issue (or at least not the only issue).
> Read the documentation and configure it as required.
i did and its vague. also its contradicted by what is on the freeradius
site, which googling around turns up.
> This isn't hard. Configure the "filter" item with the LDAP search
> string you need. If it doesn't work, read the debug output. It will
> show either an error, or that the user information wasn't found. It's
> just an LDAP search string... so if the user wasn't found, fix the string.
where do i find the different variables that are referenced
(Stripped-User-Name, User-Name, control:Ldap-UserDn, etc)? where is the
documentation around what %{%{Stripped-User-Name}:-%{User-Name}} does vs
%{%{control:Ldap-UserDn}:-%{control:Ldap-UserDn}} (which does not seem
to work anyway)
> The FreeRADIUS debug mode prints out the LDAP searches it's doing, so
> you can re-run the searches manually. Use them in "ldapsearch".
need the pointer to the above info
> The problem as I see it is you're saying "I did a bunch of stuff".
> But you're not saying *exactly* what you did, or what happened. These
> are computers... they are blatantly literal. Vague statements like "I
> tried things" aren't good enough.
yes, and a bunch of stuff is all that can be tried/done when no real,
comprehensive howtos exist on how to do this.
http://www.clearfoundation.com/docs/howtos/setting_up_radius_to_use_ldap
is the best i have found, and it does not work, is outdated or does not
do everything i am looking for.
More information about the Freeradius-Users
mailing list