Trouble with freeradius and ldap groups
Alan DeKok
aland at deployingradius.com
Sat Jul 11 22:28:19 CEST 2015
On Jul 10, 2015, at 5:52 PM, D C <dc12078 at gmail.com> wrote
> So far this is working as expecting (mostly, but i'll save that for a
> different thread). I don't want to have to added each of the specific
> attributes into each ldap user who needs admin access. Instead I want to
> make the admin users members of an ldap group which contains the needed
> attributes.
That should be simple.
> I cannot get freeradius to use the ldap groups (and don't ever see it send
> ldap queries for groups).
>
> in my modules/ldap file I have:
> groupname_attribute = cn
> groupmembership_filter = "(member=%{control:Ldap-UserDn})"
> groupmembership_attribute = radiusGroupName
That tells FreeRADIUS *how* to check for LDAP groups. It doesn't tell it *when* to check for LDAP groups.
> Does anyone have an example of how this is supposed to be configured?
It's in the FAQ. Also on the Wiki:
http://wiki.freeradius.org/search?q=LDAP-Group
Alan DeKok.
More information about the Freeradius-Users
mailing list