Freeradius + Ldap - Authorise OK but NO dynamic VLANs
Alan DeKok
aland at deployingradius.com
Mon Aug 22 11:19:45 CEST 2016
On Aug 22, 2016, at 8:06 AM, Matthew Pulis <mpulis at gmail.com> wrote:
>
> I am still far from any result. After spending another weekend in, I would
> truly appreciate any further guidance. Thanks for your patience and help.
My $0.02 is that you've been trying a lot of things, and haven't made progress. The solution is simple: do less.
Start with the default configuration. It works.
Configure the LDAP module as per your specs, and nothing else.
Ensure that the server starts, and connects to LDAP.
Update raddb/sites-available/default, the "authorize" section, to add:
if (Ldap-Group == "SeminaryAdmin") {
    ok
}
And then run the server in debugging mode. Send it requests via radclient.
You don't really care what the response from the server is. You *do* care to see what happens when that LDAP-Group check is done.
Read the output to see where it's searching in LDAP. Ensure that it's searching in the right place.
The larger concern is that the LDAP module is designed to work with a relatively standard LDAP schema. The more you vary the schema, the harder it is to get it to work. The on-line docs and examples will help you less, because they also expect a standard schema.
With a standard schema, doing LDAP group checks is a matter of about 5 minutes work. Which leads me to conclude that either your schema is overly complex, or there's something very simple that's missing.
Alan DeKok.
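As an added example, not taken from Alan's message or from the FreeRADIUS project, this is how the Ldap-Group check he describes is typically carried through to the dynamic VLAN reply attributes once the group lookup itself is confirmed working in debug output. The VLAN id "100", the user name, the password and the shared secret are assumptions.

```unlang
# raddb/sites-available/default  (added example; values below are assumed)

authorize {
    # ... default modules (preprocess, ldap, etc.) stay as shipped ...

    # Step 1: only prove the group lookup works. Watch the "-X" debug
    # output for the LDAP search base and filter used by this comparison.
    if (Ldap-Group == "SeminaryAdmin") {
        ok
    }
}

post-auth {
    # Step 2, once step 1 shows the right group being matched: hand the
    # NAS the RFC 2868 tunnel attributes that most switches map to a VLAN.
    # Setting them here, not in authorize, means a failed authentication
    # never carries VLAN information back to the NAS.
    if (Ldap-Group == "SeminaryAdmin") {
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "100"   # assumed VLAN id
        }
    }
}

# Test from a shell with the server in debug mode (radiusd -X), e.g.:
#   echo "User-Name = alice, User-Password = secret" | \
#       radclient -x localhost:1812 auth testing123
# An Access-Accept without the three Tunnel-* attributes means the
# Ldap-Group comparison did not match; the debug log shows the search.
```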