LDAP Groups to Freeradius and then Ruckus Wireless?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri May 23 14:09:56 CEST 2014

On 23 May 2014, at 12:47, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:

>> You should be able to use the attrmap file to map memberOf or whatever
> membership attribute you use to a reply attribute.
> So I included in /usr/share/freeradius/dictionary a new dictionary.ruckus
> file with vendor information for Ruckus that defines the attribute to be
> returned:
> [...]
> ATTRIBUTE	Ruckus-User-Groups	1	string
> [...]
> And a new line in ldap.attrmap to reply that attribute:
> replyItem	Ruckus-User-Groups	member
> member being the groupmember_attribute set in modules/ldap, and also the
> attribute name in LDAP that makes membership effective.
> But the result is the same, no additional debug output in radiusd -XXX or
> when testing a user authentication with radtest. Am I doing anything wrong
> here?

Nope, trace the LDAP conversation with wireshark and see what's being requested and returned.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/69f4082f/attachment.pgp>

More information about the Freeradius-Users mailing list