LDAP Groups to Freeradius and then Ruckus Wireless?

Enrique Sainz Baixauli enriquesainz.beca at intef.educacion.es
Wed May 28 12:10:59 CEST 2014

Hi again,

So I'm now working with version 3.0.3 and I have moved all of my configs to
the new format. I can do, as I did on v2.1.2, group checking in users file
via the Ldap-Group virtual attribute. That's fine, but it's not what I need.
I need the group info to be forwarded to the client, and I'm trying to do so
in mods-available/ldap (symlinked to mods-enabled/). As there is no
ldap.attrmap file and the update section in mods-available/ldap seems to be
for that purpose, I'm mapping attributes there:

reply:Ruckus-User-Groups	:= 'control:memberOf'

Ruckus-User-Groups is defined in a dictionary file for vendor Ruckus. But
any kind of attribute that I think may fit there I have already tried
(memberOf, Ldap-Group, Ldap-Membership...), and no matter what I try I see a
line like this in the debug output:

ldap :  Attribute 'control:memberOf' not found in LDAP Object

So my question is: how can I have freeradius run the logic behind Ldap-Group
and put that info in the reply? Because if I try it from users file
Ldap-Group is recognized and run, but from ldap config it just doesn't find
the attribute.

Thanks everyone one more time!

-----Mensaje original-----
freeradius-users-bounces+enriquesainz.beca=intef.educacion.es at lists.freeradi
[mailto:freeradius-users-bounces+enriquesainz.beca=intef.educacion.es at lists.
freeradius.org] En nombre de Enrique Sainz Baixauli
Enviado el: martes, 27 de mayo de 2014 16:17
Para: 'FreeRadius users mailing list'
Asunto: RE: LDAP Groups to Freeradius and then Ruckus Wireless?

>>> My suggestion again is to try v3.0.3, or debug the v2.x.x code yourself.
>>> It was weeks of effort to rewrite the rlm_ldap module for version 
>>> v3.0.x,
>> it was done for a reason.
>>> -Arran
>> Ok, so I'm trying to build version 3.0.3 for debian and I'm stuck at 
>> dpkg-buildpackage because it looks like it's running the configure 
>> step for rlm_mschap over and over:
>I'm actually surprised you were able to get that far. 3.0.3's debian 
script is broken (to be accurate, a patch needs refresh), and needs one
minor fix which is already in 3.0.x git branch.
>Try my test packages:

That's awesome, your repo should be easier to find ;) Thanks!

@Alan and Arran: I'm not building on an NFS share, but the time is not right
because the server is on a test network and is not connected to anything
else (except when installing packages). Thanks anyway, as Fajar's packages
solved this :D


List info/subscribe/unsubscribe? See

Texto aqadido por Panda Security for Desktops:

 Este mensaje NO ha sido clasificado como SPAM. Si se trata de un mensaje de
correo no solicitado (SPAM), haz clic en el siguiente vmnculo para

More information about the Freeradius-Users mailing list