Radiusd.conf:
filter =
"(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(memberOf=CN=rptp
cps,OU=Datawave Users,DC=corp,DC=van,DC=dwave))"
This works fine. However, I can't get it to return any replyItems. Has
anyone gotten this to work with Active Directory? All the docs I see on
the Net reference OpenLDAP. I'm sure there are a lot of folks out there
running Windows 2000/2003 Active Directory.
I have spent a couple of days on this not having much luck. Here are a
few questions that would help me a bit.
1) Do I need groupname_attribute to get this to work?
2) What about groupmembership_filter and groupmembership_attribute?
My ldap.attrmap looks like this:
replyItem Class groupofnames
replyItem Class group
I think the above is correct. Can someone shed some light on this?
Is group and groupofnames something that is an attribute of a user? When
freeradius searches for reply items it is searching for attributes of that
user.
eg:
dn: cn=someuser,...
group: somegroup
Should then add
Class = somegroup
to the reply items.
If you want to make reply items attached to a group, rather than an
individual, you will need to set the User-Profile attribute.
For example,
dn: cn=somegroup,ou=groups,...
group: somegroup
Then in the users file.
DEFAULT Ldap-Group == somegroup, User-Profile :=
"cn=somegroup,ou=groups,..."
You may be able to do this dynamically using xlat or something like
huntgroups too. If you want an example, send us an example of a user and
group from AD in ldif format and an example of a radius packet that you
would expect in the reply and I'll see if I can come up with an idea for
ya.
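A simplified model of the lookup described in the reply above, added here as an example and not part of the original thread or FreeRADIUS code: replyItem lines only yield reply items for attributes present on the matched user entry. The sample entry, the memberOf mapping and the function names are constructed assumptions.

```python
# Simplified model (an assumption, not FreeRADIUS source) of how ldap.attrmap
# replyItem lines turn attributes of the matched user entry into reply items.

def parse_attrmap(text):
    """Return (radius_attr, ldap_attr) pairs for every replyItem line."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "replyItem":
            # LDAP attribute names are case-insensitive, so normalise them.
            pairs.append((fields[1], fields[2].lower()))
    return pairs

def parse_ldif_entry(text):
    """Parse one plain-text LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def reply_items(attrmap_text, user_ldif):
    """Map the user's own attributes to reply items; group entries are not read."""
    entry = parse_ldif_entry(user_ldif)
    items = []
    for radius_attr, ldap_attr in parse_attrmap(attrmap_text):
        for value in entry.get(ldap_attr, []):  # multi-valued: one item each
            items.append((radius_attr, value))
    return items

# Constructed sample user entry, shaped like an Active Directory user.
AD_USER = """
dn: CN=Some User,OU=Example Users,DC=example,DC=test
sAMAccountName: someuser
memberOf: CN=examplegroup,OU=Example Users,DC=example,DC=test
"""

# The map from the question: the sample user entry carries neither attribute.
MAP_FROM_QUESTION = "replyItem Class groupofnames\nreplyItem Class group\n"
# Assumed alternative: map an attribute the user entry actually carries.
MAP_ON_MEMBEROF = "replyItem Class memberOf\n"

if __name__ == "__main__":
    print(reply_items(MAP_FROM_QUESTION, AD_USER))
    print(reply_items(MAP_ON_MEMBEROF, AD_USER))
```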