>I'm new to freeradius (3 weeks experience) and mailing lists (second attempt)
>so please have patience.
>I have freeradius 1.1.7 (prebuilt package) on Solaris 10 configured to
>authenticate against Active Directory using ntlm-auth.
>All working OK.
>Now I'm trying to return different reply attributes depending on Active
>Directory group membership and restrict which groups can authenticate. Ldap
>lookups against the active directory root fail with operation error.
>Reconfiguring Active Directory is not a viable option so I have to specify an
>OU=xxxx in the query. I have configured two instances of the ldap module for
>authorisation, one to query the staff ou and the other to query the student
>ou. Both work OK for valid queries but if the user does not exist in the ou
>the server still authenticates the username/password and grants access if
>valid.
You need to upgrade to 2.x and use unlang. See man unlang on the freeradius
site. You need something like:
if (Ldap-Group == "staff") {
    # do something
} elsif (Ldap-Group == "student") {
    # do something else
} else { update control { Auth-Type := Reject } }
Ivan Kalik
Kalik Informatika ISP
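To make the reply above concrete, here is an added configuration example for FreeRADIUS 2.x; it is not from the original thread or from the FreeRADIUS project, and the host name, bind DN, OU and group DNs, instance names (staff, student) and VLAN numbers are placeholders. It assumes the poster's existing ntlm_auth setup stays as it is and only the group-based authorisation is added. With two named ldap instances, 2.x registers a per-instance compare attribute (staff-Ldap-Group, student-Ldap-Group), so each OU can be checked separately; a compare value containing "=" is treated as the full group DN rather than a cn searched under that instance's basedn.

```unlang
# --- raddb/modules/ldap (FreeRADIUS 2.x): one instance per OU ----------------
# Everything below is placeholder data; replace with your own AD values.
ldap staff {
    server   = "dc1.example.com"
    identity = "CN=radius,OU=Service Accounts,DC=example,DC=com"
    password = "replace-me"
    basedn   = "OU=staff,DC=example,DC=com"
    filter   = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
    # AD stores membership on the user object, so compare against memberOf
    groupname_attribute       = cn
    groupmembership_attribute = memberOf
    # ntlm_auth checks the password; never let this module set Auth-Type := LDAP
    set_auth_type = no
}

ldap student {
    server   = "dc1.example.com"
    identity = "CN=radius,OU=Service Accounts,DC=example,DC=com"
    password = "replace-me"
    basedn   = "OU=students,DC=example,DC=com"
    filter   = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
    groupname_attribute       = cn
    groupmembership_attribute = memberOf
    set_auth_type = no
}

# --- raddb/sites-enabled/default, authorize section --------------------------
authorize {
    preprocess
    mschap
    suffix
    files                      # whatever currently sets Auth-Type := ntlm_auth

    # Group DNs are placeholders. Using the full DN means the match does not
    # depend on which basedn the group itself lives under.
    if (staff-Ldap-Group == "CN=Net-Staff,OU=Groups,DC=example,DC=com") {
        update reply {
            Tunnel-Type             := VLAN
            Tunnel-Medium-Type      := IEEE-802
            Tunnel-Private-Group-Id := "10"      # staff VLAN (placeholder)
        }
    }
    elsif (student-Ldap-Group == "CN=Net-Students,OU=Groups,DC=example,DC=com") {
        update reply {
            Tunnel-Type             := VLAN
            Tunnel-Medium-Type      := IEEE-802
            Tunnel-Private-Group-Id := "20"      # student VLAN (placeholder)
        }
    }
    else {
        # Not in an allowed group in either OU: this is the case the original
        # setup let through. Override Auth-Type so ntlm_auth never runs.
        update control {
            Auth-Type := Reject
        }
    }

    expiration
    logintime
}
```

Ordering matters: the if/elsif/else block must run after whatever sets Auth-Type := ntlm_auth (the users file here), because a later ":=" on Auth-Type would silently replace the Reject and the user would be authenticated again. Test with radtest or eapol_test against an account that is valid in AD but in neither OU, and confirm an Access-Reject in debug output (radiusd -X) before deploying.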
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html