Hello there!
I'm using freeradius 2.1.6 and use an ldap-group to reject some users.
The problem is, when the ldap-servers are not responding when doing the
search for the ldap-dn or when doing the search for the dn in the group,
the files-Module returns ok because the user abc matches for the next
entry. So a correct named bind is triggered and the user gets
access-accept even though he's in the reject-group.
How can I get something like "[files] returns failed" in that case???
I'm doing the module loading for the groups in radiusd.conf:
instantiate {
...
ldagroups1
ldagroups2
}
Here's the users-File. I hope anyone can help ...
DEFAULT Auth-Type :=REJECT, User-Name =~ "^(\.*)([a-zA-Z]{3})", ldapgroups1-Ldap-Group == 'cn=rejectgroup,ou=public,o=mycompany,c=de'
DEFAULT Auth-Type :=REJECT, User-Name =~ "^(\.*)([a-zA-Z]{3})", ldapgroups2-Ldap-Group == 'cn=rejectgroup,ou=public,o=mycompany,c=de'
...
DEFAULT User-Name =~ "^(\.*)([a-zA-Z]{3})", FreeRADIUS-Proxied-To !* 127.0.0.1, Auth-Type :=LDAP
...
DEFAULT Auth-Type :=reject
Thanks a lot
Anja
---------------------------------------------------------------------------------------------
Anja Ruckdäschel M.A.; Rechenzentrum der Universität Regensburg;
Universitätsstr.31; 93 053 Regensburg
Telefon: +49 941 943 4826
---------------------------------------------------------------------------------------------
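Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of first-match rule evaluation, showing why a group lookup error that is treated like "no match" falls through to the accepting entry, and how remembering the error keeps the decision fail-closed. The Check enum, RULES list and evaluate() are hypothetical names, and the directory states are constructed.

```python
from enum import Enum

class Check(Enum):
    MATCH = "match"
    NO_MATCH = "no-match"
    ERROR = "error"   # directory did not answer the search

# Constructed rule list shaped like the users file in the post: two
# reject-group checks, then the entry that hands the user to LDAP auth.
RULES = [
    ("ldapgroups1", "reject"),
    ("ldapgroups2", "reject"),
    (None, "accept"),   # None = entry without a group check
]

def evaluate(rules, lookup, fail_closed):
    """Walk the rules in order; return (decision, index of deciding rule)."""
    unresolved = False
    for i, (instance, action) in enumerate(rules):
        result = Check.MATCH if instance is None else lookup(instance)
        if result is Check.ERROR:
            # Fail-open evaluators stop here: the error looks like NO_MATCH.
            unresolved = True
            continue
        if result is Check.MATCH:
            if action == "accept" and unresolved and fail_closed:
                return "fail", i   # a deny check never got an answer
            return action, i
    return "reject", len(rules)

# Constructed directory states, keyed by module instance name.
ALL_DOWN = {"ldapgroups1": Check.ERROR, "ldapgroups2": Check.ERROR}
ONE_DOWN_MEMBER = {"ldapgroups1": Check.ERROR, "ldapgroups2": Check.MATCH}
HEALTHY_NON_MEMBER = {"ldapgroups1": Check.NO_MATCH, "ldapgroups2": Check.NO_MATCH}

if __name__ == "__main__":
    for name, state in [("all down", ALL_DOWN), ("one down", ONE_DOWN_MEMBER),
                        ("healthy", HEALTHY_NON_MEMBER)]:
        for fc in (False, True):
            print(name, "fail_closed=%s" % fc, evaluate(RULES, state.get, fc))
```

With both directories down, the fail-open walk ends in an accept at the last entry, while the fail-closed walk returns "fail" at that same entry instead of handing the user on to authentication.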