Microsoft AD group check
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Jan 12 20:51:41 CET 2020
> On Jan 12, 2020, at 2:40 PM, Marek Smoliński <marksmol at o2.pl> wrote:
>
> One computer can only be in one group in AD, unfortunately. Because of the high complexity of AD and the delegation of permissions for AD administrators, there are so many groups.
>
> I have cacheable_name and cacheable_dn enabled; I may not be able to use it.
>
> I've tried to follow the documentation. In post-auth:
>
> update control {
>     Cache-Status-Only = 'yes'
> }
> cache
> if (notfound) {
>     ldap
>     if (LDAP-Group =~ /.*VLAN16_.*/) {
>         update reply {
>             ...
>         }
>     }
> }
> cache
>
> I see a message in debug: Debug: No old matches
>
> What am I doing wrong?
Post the debug output and we might be able to tell you.
-Arran