Hi,
I'm in an Active Directory domain with a child domain, tata as my primary, and
toto as my child domain.
I'm doing authorization based on LDAP group.
My users connect to FreeRADIUS using 802.1X and PEAP.
Using mschap and ntlm this is working great.
Now I want to give users access and/or RADIUS attributes based on their Active
Directory group.
I was able to do this using the LDAP module and users file.
The problem I have now is: if I have a user group with the same name in my
primary domain (tata) and in my child domain (toto.tata), FreeRADIUS does
not seem to see the difference (for example, the domain users group).
In the users file my LDAP policy looks like this:
DEFAULT Ldap-Group == "groupname"
What I would like to do is write it like this:
DEFAULT Ldap-Group == "cn=groupname, ou=OUofGroup, dc=toto, dc=tata"
I'm pretty sure I have to work with these config options in ldap:
groupname_attribute
groupmembership_filter
groupmembership_attribute
Right now they are set like this:
groupname_attribute = cn
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
groupmembership_attribute = memberOf
If anyone has some insight on how to solve this problem, I would greatly
appreciate it.
Thank you,
Yann