list members, i am working on having radius perform authorization based on group membership in ldap. i am able to authenticate the user using the kerberos module, and can attach to ldap using the ldap module. what i would like to do is have a group in ldap that provides a radiusReplyItem value, instead of having the radiusReplyItem as a users attribute. effectively what i am attempting to accomplish is: by placing a user in the group, the authorization string provided in the radiusReplyItem would be given to hosts, removing the need to supply the radiusReplyItem on a per-user basis.
i have found this write up: http://www.clearfoundation.com/docs/howtos/setting_up_radius_to_use_ldap but it does not work. i am using freeradius v 2.2.0 on fedora 16, with openldap 2.4.26 and kerberos5 1.9.4. the device pointing at radius is a cisco sg300-28. i am able to sign in right now, pointing at kerberos for auth, and providing the authorization string out of my user object in ldap. any pointers towards how i can accomplish this would be appreciated. thanks in advance, brendan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
