Microsoft AD group check
Alan DeKok
aland at deployingradius.com
Mon Jan 13 01:00:15 CET 2020
On Jan 12, 2020, at 4:38 PM, Marek Smoliński <marksmol at o2.pl> wrote:
>
> This message is visible at server startup with the freeradius -XXX command
>
> (9) Checking user object's memberOf attributes
> (9) Performing unfiltered search in "CN=A0700-GARWOLIN,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD", scope "base"
> (9) Waiting for search result...
> (9) Processing memberOf value "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD" as a DN
> (9) Resolving group DN "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD" to group name
> (9) Performing unfiltered search in "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD", scope "base"
> (9) Waiting for search result...
> (9) Group DN "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD" resolves to name "VLAN130_SIEO1"
> rlm_ldap (ldap): Released connection (0)
> (9) User is not a member of "VLAN129"
> (9) elsif (LDAP-Group == VLAN129) -> FALSE
> (9) elsif (LDAP-Cached-Membership[*] =~ /.*VLAN130_.*/) {
>
> this is where the message appears - No old matches
That message doesn't appear anywhere in the debug output.
PLEASE describe errors correctly. DO NOT re-phrase errors in your interpretation of what they mean. DO copy the errors verbatim from the debug output to the mailing list.
And where is the LDAP-Cached-Membership attribute coming from? We can read the debug output, but we can't read your mind. What did you change to add it? Why?
This process is not productive. If we're going to help you, we need to get a CORRECT and CLEAR description of the problem. The more time you waste doing something else, the longer it takes to fix the problem.
Alan DeKok.