Access-Accept / Access-Reject based on LDAP Group & SSID
Alan DeKok
aland at deployingradius.com
Thu Mar 19 18:14:59 CET 2015
On Mar 19, 2015, at 12:20 PM, Ben Humpert <ben at an3k.de> wrote:
> I already read plenty of Howtos, manpages and configuration examples
> and tried to find a Guide for what I'm trying to achieve.
Most third-party guides aren’t worth the effort. It’s better to UNDERSTAND what’s going on, rather than to follow a guide which may or may not be applicable.
> What I exactly want to achieve is RADIUS to check
> 1) if the group the user is in is allowed to log into
> Called-Station-Ssid "guest"
That’s in the FAQ.
> 2) if the username & password is correct
The server does that if you configure a user/password. i.e. tell it to look the user up in LDAP.
> 3) if user has "dialupAccess" set
See the LDAP module configuration for how that works.
> I'm running Ubuntu 14.04.1, FreeRADIUS 2.1.12 and OpenLDAP 2.4.31
<sigh> Upgrade to 2.2.6. The Debian / Ubuntu people have fixated on 2.2.12 for reasons I don’t understand.
> I'd start from scratch but have modified dictionary, policy.conf and
> sites-available/default according to
> http://wiki.freeradius.org/guide/Mac-Auth
Are you doing MAC Auth? If so, then the guide should work. If you’re not doing MAC Auth, then why the heck are you following the MAC auth guide?
Alan DeKok.