On Mon, 6 May 2002, John wrote:
> It was my understanding that this type of check is done in the authorize and the
> authenticate sections.
Not really, the modules register a groupcmp function which can be used by the
server and other modules.
> However, I checked and sure enough I had the unix
> module listed in accounting. I removed this, restarted the server and had the
> same results (no ldap/group checks).
>
> Just for fun, I threw ldap into accounting and radiusd promptly yelled at me for
> being an idiot.
>
> I have actually been whittling down my modules per section throughout last week
> attempting to get this work. It is well within the realm of possibility that I may
> have removed a module which could interfere with config-debugging efforts. I
> have pasted my config below your quoted message.
Yes you have. The files module from the authorize section. That is the module
responsible for 'runing' the users file where the group checks are done.
>
> BTW, your comment about adding an Ldap-Group attribute both encourages and
> disturbs me. What is the status of checking for ldap group membership if
> freeradius (0.5)?
Working just fine. I just checked it. The Ldap-Group attribute will be added in
order to not have each module override the other.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
>
> > Well it most probably will :-)
> > Do you have the unix module in your accounting section? It is needed for
> > the
> > radwtmp file (although that should be on a module of it's own). If yes try
> > removing it. The unix module has a groupcmp function of it's own which
> > overrides the one registered by the ldap module.
> >
> > Alan is it ok if I go on and add an Ldap-Group attribute for ldap group
> > membership?
> >
> > --
> > Kostas Kalevras Network Operations Center
>
> Section configurations. I have removed the colorful comments in order to save
> space.
>
> authorize {
> ldap
> }
> authenticate {
> ldap {
> notfound = RETURN
> }
> }
> preacct {
> suffix
> files
> preprocess
> }
> accounting {
> detail
> radutmp
> }
> session {
> radutmp
> }
>
>
> John Hogenmiller, kb3dfz
> Systems Administrator, Pennswoods.net
> 1(877)897-4883 x 592
> ---
> Wouldn't the sentence "I want to put a hyphen between the words Fish
> and And and And and Chips in my Fish-And-Chips sign" have been clearer if
> quotation marks had been placed before Fish, and between Fish and and, and
> and and And, and And and and, and and and And, and And and and, and and
> and Chips, as well as after Chips?
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
