LDAP Groups to Freeradius and then Ruckus Wireless?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed May 28 16:52:57 CEST 2014
On 28 May 2014, at 15:30, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:
>>>>> Uncomment:
>>>>>
>>>>> cache_attribute = 'LDAP-Cached-Membership'
>>>>>
>>>>> Then in authorize:
>>>>>
>>>>> ldap
>>>>>
>>>>
>>>> Sorry that's
>>>>
>>>> foreach &control:LDAP-Cached-Membership {
>>>>     update reply {
>>>>         Ruckus-User-Group += "%{Foreach-Variable-0}"
>>>>     }
>>>> }
>>>
>>> Thank you very much, but trying to start the server resulted in a
>>> syntax error in '&control:LDAP-Cached-Membership': Unknown attribute
>>> "LDAP-Cached-Membership"
>>
>> Define it in the user dictionary as a string attribute.
>
> That's awesome, now the debug output shows that FR finds out which group
> each user belongs to. Also, capturing local packets with wireshark (because
> LDAP and FR are on the same machine) shows two request-responses, first for
> the user and then for the group, between FR and LDAP. But on the Ethernet
> interface there is nothing else aside from an Access-Request and an
> Access-Accept, but nothing related to the group in the response. Maybe
> wireshark doesn't show every field, but the packet length is only 20 so I
> think it's just not being sent by FR.
Hm, can you send over the output of -X?
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
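
The packet-length observation quoted above can be checked byte by byte: the RADIUS header (RFC 2865) is exactly 20 bytes, so a 20-byte Access-Accept carries no attributes at all. The parser below is an added example, not part of the original message or of FreeRADIUS; the sample packets, vendor id 99999 and group name "staff" are constructed placeholders.

```python
import struct

HEADER_LEN = 20        # code(1) + identifier(1) + length(2) + authenticator(16)
VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries vendor attributes

def parse_radius(packet: bytes) -> dict:
    """Return the code, declared length and attribute list of a RADIUS packet."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("length field disagrees with captured bytes")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute overruns packet")
        value = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 4:
            attrs.extend(_parse_vsa(value))
        else:
            attrs.append(("attr", a_type, value))
        pos += a_len
    return {"code": code, "id": ident, "length": length, "attributes": attrs}

def _parse_vsa(value: bytes) -> list:
    """Split a Vendor-Specific value into (vendor id, vendor type, data) items."""
    vendor_id, out, sub = struct.unpack("!I", value[:4])[0], [], 4
    while sub < len(value):
        if sub + 2 > len(value) or value[sub + 1] < 2 or sub + value[sub + 1] > len(value):
            raise ValueError("malformed vendor sub-attribute")
        v_type, v_len = value[sub], value[sub + 1]
        out.append(("vsa", vendor_id, v_type, value[sub + 2:sub + v_len]))
        sub += v_len
    return out

def build(code: int, ident: int, attrs: bytes = b"") -> bytes:
    """Constructed sample packet with a zeroed authenticator (not a real capture)."""
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + bytes(16) + attrs

def vsa(vendor_id: int, v_type: int, data: bytes) -> bytes:
    body = struct.pack("!IBB", vendor_id, v_type, 2 + len(data)) + data
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body

# Constructed samples: vendor id 99999 and group "staff" are placeholders.
EMPTY_ACCEPT = build(2, 7)                           # 20 bytes, header only
GROUP_ACCEPT = build(2, 7, vsa(99999, 1, b"staff"))  # carries one vendor attribute

if __name__ == "__main__":
    for name, pkt in (("empty", EMPTY_ACCEPT), ("group", GROUP_ACCEPT)):
        print(name, parse_radius(pkt))
```

Feeding it the raw UDP payload of a captured Access-Accept shows whether any vendor attribute reached the wire, independent of how the capture tool renders it.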