Hi folks,
I'm trying to define radius default groups, based on an LDAP directory. The group information used to determine the profile of the user should be checked against a LDAP attribute, called "profilad". But things are always more complicated than they seem :-))) So any help will be highly appreciated :-))) Here is the main LDAP organisation : O=Myorg |_ OU=region |_ CN=User Name |_ cn=userid (attribute used for authentication) |_ ... |_ profilad=value (attribute that should be used for group identification) Here is the radiusd.conf extract : ldap { server = "my_ldap" basedn = "o=myorg" filter = "(&(cn=%u)(droitad=Oui))" start_tls = no dictionary_mapping = ${raddbdir}/ldap.attrmap groupname_attribute = profilad groupmembership_filter = "(&(cn=%u)(droitad=Oui)(profilad=%GroupName))" timeout = 30 timelimit = 30 net_timeout = 1 } and the users extract : DEFAULT Group = "Profil04", Login-Time := "Mo-Fr0815-1930" Framed-Compression := Stac-LZS, Fall-Through = yes DEFAULT Group = "Profil01", Login-Time := "Mo-Su0815-1930" Framed-Compression := Stac-LZS, Fall-Through = yes [...] Regs, Pierre. . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html