I changed my baseDN to:

basedn = ou=test,dc=AD,dc=ne,dc=gov

and this results in the same failure in the group section.

rlm_ldap: object not found
rlm_ldap::ldap_groupcmp: search failed

I can't remove the ou=test portion or authentication fails completely and I get a reject:

[ldap] performing user authorization for seth.doty
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> seth.doty
[ldap] expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) -> (CN=seth.doty)
[ldap] expand: dc=ad,dc=ne,dc=gov -> dc=ad,dc=ne,dc=gov
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: closing existing LDAP connection
rlm_ldap: (re)connect to ad.ne.gov:389, authentication 0
rlm_ldap: bind as stn\seth.doty/ to stone.ne.gov:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ad,dc=ne,dc=gov, with filter (CN=seth.doty)
rlm_ldap: ldap_search() failed: Operations error
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail

On Fri, 2011-05-20 at 15:26 +0100, Phil Mayers wrote:
> On 20/05/11 15:14, Doty, Seth wrote:
> > I must be doing something wrong in my filtering because it keeps dumping
> > me into unclassified instead of passing the group I assigned. I have
> > set up a security group specifically for this test and I am indeed in the
> > group.
> >
> > I set it up like this in sites-enabled/inner-tunnel because it seemed
> > this manner was a little more flexible for our needs:
> >
> > post-auth {
> > if (Ldap-Group == "CN=STNE_Wireless_Authentication,ou=Security
> > Groups,ou=test,ou=test,dc=AD,dc=ne,dc=gov") {
>
> This is wrong. You don't give the group DN. You give the value of
> "groupname_attribute" in the ldap module, defaults to "cn", i.e.
>
> post-auth {
>   if (Ldap-Group == STNS_Wireless_Authentication) {
>     ..
>   }
> }
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html