[EXT] Fetching memberOf attribute
Alan DeKok
aland at deployingradius.com
Mon Jun 2 13:12:01 UTC 2025
On Jun 2, 2025, at 8:34 AM, Matvey Teplov via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Picking this outstanding action. I tried "reject" before, and it is a problem. The startup comes with:
>
> /etc/freeradius/3.0/sites-enabled/default[85]: Failed to find "reject" as a module or policy.
> /etc/freeradius/3.0/sites-enabled/default[85]: Please verify that the configuration exists in /etc/freeradius/3.0/mods-enabled/reject.
> /etc/freeradius/3.0/sites-enabled/default[85]: Failed to parse "reject" entry.
Because you edited the default configuration and broke it. Don't do that.
The "reject" module is defined in mods-available/always. You've either edited it to remove the "reject" entry, or you've disabled it by removing mods-enabled/always,
> Also, the simple '==' doesn't work either, and that's why the loop is there. It is coming back with during authentication:
> (0) if (&control:ldap-LDAP-Group[*] == "CN=Radius_ReadOnly_Group,DC=Groups,DC=abc,DC=abc") {
> (0) ERROR: Failed retrieving values required to evaluate condition
The LDAP-Group attribute is documented in the Wiki: https://wiki.freeradius.org/modules/Rlm_ldap
Follow those examples and it will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list