> Just a gap of our users file, we have 18 default lines and additional 4 for a > local/PAP user: > > > DEFAULT Auth-Type := LDAP, Huntgroup-Name == consoleserver, LDAP-Group == > "<LDAP-GROUP-Team-a>" > Login-Service = Telnet >
FWIW, since it's the LDAP-Group attribute that you're having trouble with, we are doing LDAP auth with POSIX style LDAP auth data and I believe it gets around this by simply using the old "Group" attribute from before we migrated from PAP/unix (but still gets from LDAP): DEFAULT Group == acme, Pool-Name :="acme_pool", Auth-Type = Ldap This is a smaller network with 1 fallback LDAP server, and I know that the fallback is working and I'm pretty sure it passes on the proper group info to assign the correct IP pool in this case. It may not work with non-POSIX LDAP groups though... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html