FreeRadius ldap queries are not executed
Matthew Newton
mcn at freeradius.org
Fri Mar 21 15:01:29 UTC 2025
On 21/03/2025 14:55, Matvey Teplov via Freeradius-Users wrote:
>
> ldap ms_ad {
Creates an instance of the ldap module, called "ms_ad".
> server = 'ad-server-cluster'
> identity = 'CN=labs,OU=Service Accounts,DC=boo,DC=nl'
> The full post_auth was before:
>
> post-auth {
>
> ldap ms_ad
>
Makes no sense. Just give the instance name, e.g.
ms_ad
> (5) post-auth {
> (5) [ldap] = noop
Calls the instance "ldap" (presumably before you added "ms_ad" to the end).
> (5) if (&control:LDAP-Group == "Radius_Admin_Group") {
> (5) ERROR: Failed retrieving values required to evaluate condition
> (5) elsif (&control:LDAP-Group == "Radius_ReadOnly_Group") {
>
> If the post-auth section has ldap ms_ad as before, the startup fails altogether with: "/etc/freeradius/3.0/sites-enabled/default[36]: Expecting section start brace '{' after "ldap ms_ad" error.
Because "ldap ms_ad" is a syntax error. Just use the name of the module
instance.
--
Matthew
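
The distinction made in the reply above, laid out as a configuration sketch. This is an added example, not part of the original message or the poster's actual files. The `mods-enabled/ldap` location, the `password` and `base_dn` values, the `noop` body and the instance-prefixed group attribute name (`ms_ad-LDAP-Group`, following rlm_ldap's v3 naming for non-default instances, written without a list qualifier) are assumptions.

```text
# mods-enabled/ldap (assumed location)
# "ldap" is the module, "ms_ad" is the name of this instance.
ldap ms_ad {
	server   = 'ad-server-cluster'
	identity = 'CN=labs,OU=Service Accounts,DC=boo,DC=nl'
	password = 'REPLACE_ME'        # placeholder, not from the thread
	base_dn  = 'DC=boo,DC=nl'      # assumed from the identity DN
	# user { ... } and group { ... } lookups as already configured
}

# /etc/freeradius/3.0/sites-enabled/default
post-auth {
	# Syntax error: "ldap ms_ad" is parsed as the start of a section,
	# so the server expects '{' and refuses to start.
	#   ldap ms_ad
	#
	# Valid syntax, wrong instance: this calls the instance named
	# "ldap", not "ms_ad" (the "[ldap] = noop" line in the debug output).
	#   ldap

	# Correct: call the instance by its name.
	ms_ad

	# Assumption: a named instance registers its group check attribute
	# as <instance>-LDAP-Group rather than LDAP-Group.
	if (&ms_ad-LDAP-Group == "Radius_Admin_Group") {
		noop    # placeholder for the admin policy
	}
	elsif (&ms_ad-LDAP-Group == "Radius_ReadOnly_Group") {
		noop    # placeholder for the read-only policy
	}
}
```

Running the server in debug mode after the change should show `[ms_ad]` instead of `[ldap]` in the post-auth section, which confirms the intended instance is being called.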