On 31/07/12 13:26, David Aldwinckle wrote:
> Hello,
> I figure that other people might benefit from this too, so...
> I was correct in my previous message. I added ldap to the authorize
> section of the inner tunnel, and did the group checking in the
> post-auth of the default server and everything worked wonderfully.

This isn't working for the reasons you seem to think.
The syntax:

    if (Ldap-Group == xx)

...performs a dynamic search against the LDAP directory for the user &
group membership.
If you're doing this in the "default" post-auth, you're running LDAP
twice - once in the "inner-tunnel" authorize section, and once in the
"default" post-auth.