Ldap/freeradius gidnumber attribute check issue
David Francisco Rodriguez Perez
david.francisco.rodriguez at gmail.com
Thu Sep 3 16:42:35 CEST 2015
Hi all,
I am using freeradius to do 802.1x authentication (Peap/mschapv2) to an
LDAP (openldap). Freeradius version 2.1.10 in Ubuntu 12.04. This is a
Proof of Concept so far. The authentication is working fine but I have not
been able to match a group number in order to return a specific attribute.
My directory looks like:

dn: ou=Gente,dc=testexample,dc=com
objectClass: organizationalUnit
ou: Gente

dn: ou=Groups,dc=testexample,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=students,ou=Groups,dc=testexample,dc=com
objectClass: posixGroup
cn: students
gidNumber: 5000

dn: uid=david,ou=Gente,dc=testexample,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: radiusprofile
objectClass: sambaSamAccount
uid: david
sn: Rodriguez
givenName: David
cn: David Rodriguez
displayName: David Rodriguez
uidNumber: 10000
gidNumber: 5000
dialupAccess: access_attr
sambaSID: S-1-0-0-201000
sambaNTPassword:
sambaLMPassword:

So, as I read, I should use groupmembership_attribute, but I did not find a
way to use it. So I put in the dictionary:
ATTRIBUTE GroupNumber 3003 integer
And then I put in the ldap.attrmap file:
checkItem GroupNumber gidNumber
And then I put in the users file:
DEFAULT GroupNumber == 5000
	Filter-Id := "UNP-test"
But I do not see that the match is working. I even tried to put in the
authorize part of the default file:
update reply {
	Filter-Id:= %(GroupNumber)
}
But it did not expand anything.
So how should I derive the gidNumber in order to return an attribute to the
authenticator?
Thanks a lot,
David
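
An added example, not part of the original post and not FreeRADIUS's shipped configuration: in FreeRADIUS 2.x a checkItem mapping in ldap.attrmap places the LDAP value in the control list, while check items in the users file are compared against the request, so one way to test the mapped value is an unlang condition placed after the ldap module in the authorize section. It assumes the GroupNumber dictionary entry and attrmap line from the post, an ldap module instance named "ldap", and the default compare_check_items = no.

```unlang
authorize {
	# Other modules stay as already configured (preprocess, eap, and so on).

	# Runs the LDAP lookup; with the attrmap line
	#   checkItem GroupNumber gidNumber
	# the user's gidNumber lands in control:GroupNumber.
	ldap

	# Expand the control-list value and compare it as a string.
	# The expansion syntax is %{list:Attribute}, with braces.
	if ("%{control:GroupNumber}" == "5000") {
		update reply {
			Filter-Id := "UNP-test"
		}
	}
}
```

Running the server in debug mode (radiusd -X) shows whether the expansion produced a value before the comparison is evaluated.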