dynamic expansion will not be dynamically expanded in ldap configuration

Alan DeKok aland at deployingradius.com
Tue Apr 28 12:48:05 CEST 2015

On Apr 28, 2015, at 2:25 AM, Angel L. Mateo <amateo at um.es> wrote:
> 	The message I sent on 4/24 had an attachment. I have just realized that the list distributed it without it (I don't know why, but I have checked it in my sent messages).
> 	Here it is again

  As a zip file.  <sigh>  You do know that the list accepts text, right?  Why are you making it as difficult as possible for people to help you?

  The debug log seems clear:

(0) files_adminslogin: users: Matched entry DEFAULT at line 8
(0)     [files_adminslogin] = ok

  So... what's on line 8?  Is the entry with LDAP-Group before or after line 8 of that file?

  And why have you renamed many of the modules?  Perhaps you could have said this before.

  The advice I give here assumes that (a) you've described what you're doing, and (b) failing that, you're using the default configuration.

  Neither assumption seems to be true.

  Since you've renamed the LDAP module, you have to use a different name for the LDAP-Group attribute.  One that refers to the name you've given it.  In this case, "ldap-uid-LDAP-Group".  And you likely won't be able to use "Auth-Type := LDAP", either. 

  Or, you could just use NORMAL names for the modules.  There is really no reason to rename them.

  This should be a lesson that you MUST (a) describe what you're doing, and (b) generally stay with the default configuration.

  Alan DeKok.

More information about the Freeradius-Users mailing list