Freeradius + Ldap - Authorise OK but NO dynamic VLANs

Matthew Newton mcn4 at leicester.ac.uk
Fri Aug 19 13:05:58 CEST 2016


On Fri, Aug 19, 2016 at 12:24:18PM +0200, Matthew Pulis wrote:
> This is the ttester  ldap search. I am seeing them matching :S
> 
> radius at daloradius:/etc/freeradius$ ldapsearch -h localhost -D
> "cn=admin,dc=seminary,dc=local" -w PASSWORD -b
> "cn=ttester,cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local"

That isn't the same search. Read the debug output:

> ou=SeminaryOU,dc=seminary,dc=local, with filter
> (&(cn=SeminaryAdmin)(|(&(objectClass=GroupOfNames)(member=cn\3dttester\2ccn\3dSeminaryAdmin\2cou\3dSeminaryOU\2cdc\3dseminary\2cdc\3dlocal))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dttester\2ccn\3dSeminaryAdmin\2cou\3dSeminaryOU\2cdc\3dseminary\2cdc\3dlocal))))

What result do you get when you use the same filter?


> RE Freeradius version: not sure if I should go for one different to my
> distro :S

The biggest problem is the newest version in any distro is 3.0.4,
and that is two years old. Most distros have version 2, which is
even older. FreeRADIUS is now up to 3.0.11 (nearly 12) and 4.0 is
in the works. There's no effort or desire to support obsolete
software that distros can't be bothered to update.

Also, if you're building a new service on obsolete software, then
you're only going to create more work for yourself in the future.
The config from 2.x to 3.x isn't directly compatible.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list