Have a read through these posts. http://lists.freeradius.org/pipermail/freeradius-users/2010-October/msg00058.html
On Tue, Nov 2, 2010 at 2:10 PM, Hugh Blandford <[email protected]> wrote:
> Dear All,
>
> I have been experimenting with using FreeRADIUS and LDAP, trying to get
> some understanding of how groups are handled.
>
> I have left things in the configuration files mostly as standard, except
> uncommenting the LDAP sections but am obviously not understanding how things
> are supposed to work.
>
> I can place an LDAP group name in the users file and then have my LDAP user
> checked against it and return the relevant attributes.
>
> eg (following someone's helpful example)
>
> DEFAULT Ldap-Group == flat10000, User-Profile := "uid=flat10000,ou=profiles,ou=radius,ou=wl,dc=example,dc=org"
>         Fall-Through = yes
>
> DEFAULT Ldap-Group == disabled, Auth-Type := Reject
>         Reply-Message = "Account disabled. Please call the helpdesk.",
>         Fall-Through = no
>
> However, I was hoping to not use the users file. I was hoping that:
>
> groupname_attribute = cn
> groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> groupmembership_attribute = radiusGroupName
>
> would mean you could add the attribute radiusGroupName to a user's entry
> and it would then look up the relevant GroupofNames and add those attributes
> to the return items. However, when I add radiusGroupName to a user's entry
> I don't see any groupname lookups in the debug at all.
>
> Sorry if I have failed to understand something basic.
>
> What I actually want to do might not be solved best by LDAP groups.
> Most of our customers are in different VRFs and this, the loopback address
> and DNS servers etc are returned. Rather than store this information under
> each user I would like to have a template that I refer to. However, at the
> same time, having 50+ default entries didn't seem the right way to do it
> either.
>
> Thanks for your patience.
>
> Hugh Blandford
>
> --
> Hugh Blandford
> Island Internet
> ph 1300 130 428
> mb 0412 016 875
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

