Active Directory integration and grant access based on AD group membership
Luc Paulin
paulinster at gmail.com
Tue Feb 14 17:57:14 CET 2017
Thanks Matthew,

I already had a look at that URL, but it looks like it doesn't work. It must
be something I am not doing right, but I'm unsure what.

I have created a huntgroup which looks like this:

    wireless NAS-IP-Address == 10.1.0.81

and my users file only has the following line in it:

    DEFAULT Ldap-Group == "admin-galaxie", Huntgroup-Name == "wireless"

So my understanding is that users that aren't members of the wireless-users
group shouldn't be granted access to the wireless network/device. But that
isn't what is happening: everyone is granted access.

I have attached my radiusd -x log output.

--
!!!!!
( o o )
--------------oOO----(_)----OOo--------------
Luc Paulin
email: paulinster(at)gmail.com
Skype: paulinster
2017-02-14 11:33 GMT-05:00 Matthew Newton <mcn4 at leicester.ac.uk>:
> On Tue, Feb 14, 2017 at 11:23:33AM -0500, Luc Paulin wrote:
> > Now I would like to grant system access based on group membership from Active
> > Directory. How can this be done? I have tried configuring the users and
> > huntgroup files, but it looks like it grants access to everyone if the
> > username/password is good.
>
> Have a look at group support in rlm_ldap.
>
> http://wiki.freeradius.org/modules/Rlm_ldap#group-support
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-log
Type: application/octet-stream
Size: 51562 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170214/4f92bd89/attachment-0001.obj>
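
Added example, not part of the original message or of the FreeRADIUS project's own documentation: in the users file, an entry whose check items match only contributes its reply items and control assignments, and a request that matches no entry is not rejected for that reason, so the single DEFAULT line quoted in the message cannot deny anyone. The sketch below puts that line beside a form that rejects non-members, assuming the preprocess module (which sets Huntgroup-Name) runs before files in the authorize section and that the ldap module's group lookup works; the Reply-Message text is made up.

```conf
# huntgroups file (as in the message)
wireless        NAS-IP-Address == 10.1.0.81

# users file: the entry from the message, commented out.
# Its check items only select requests. With no reply items and no
# control assignment it changes nothing when it matches, and requests
# that do not match it simply continue on to authentication.
#DEFAULT Ldap-Group == "admin-galaxie", Huntgroup-Name == "wireless"

# users file: explicit deny. Requests arriving through the "wireless"
# huntgroup from users who are NOT in the group get Auth-Type := Reject.
# Members of the group do not match this entry and authenticate as usual.
DEFAULT Huntgroup-Name == "wireless", Ldap-Group != "admin-galaxie", Auth-Type := Reject
        Reply-Message = "Not a member of the group allowed on wireless"
```

Full debug output from radiusd -X shows, per request, which users entry matched, which is the quickest way to confirm the deny entry is being evaluated.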