On Thu, Dec 02, 2010 at 11:54:28AM +0000, Alexander Clouter wrote:
> DEFAULT NAS-Identifier == switch, Huntgroup-Name == allied-telesis,
> ldap_login1-LDAP-Group == it-switch-admin
> DEFAULT NAS-Identifier == switch, Huntgroup-Name == allied-telesis,
> ldap_login2-LDAP-Group == it-switch-admin
>
> instantiate {
> ldap_login1
> ldap_login2
This sounds like you're comparing attributes called "ldap_login1-LDAP-Group"
and "ldap_login2-LDAP-Group". Presumably these are generated with those
distinct names, by your two LDAP module instances.
How do the definitions of those two look like?
IOW have you tried using a common LDAP attribute map in both?
--
2. That which causes joy or happiness.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
