On Fri, 22 Oct 2004, Glen Eustace wrote:
I am trying to use our MS AD database with LDAP. Authentication works fine but I cannot get authorisation based on group membership to work.
The issue seems to be that radiusd never queries any group info from the directory at all. I have read the various how-tos etc., but they are all based on using an OpenLDAP directory. I saw one similar posting from someone else with the same problem and he was referred to Dustin's how-to; I have read that and I am obviously still missing something.
I believe I will be able to get the searches worked out as soon as I can get the server to actually do a query.
Use the Ldap-Group attribute:
--users file--
DEFAULT Ldap-Group == "mygroup"
        Reply-Message = "user in group mygroup"
--
Glen Eustace, Infrastructure Development Engineer
Information Technology Services PN460, Turitea,
Massey University, Palmerston North, New Zealand.
Ph: +64 6 356 9099 x 81005, Fax: +64 6 350 5607,
Mob: +64 27 4 500 321
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
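An added configuration sketch, not part of the original thread, showing the Ldap-Group check from the reply next to rlm_ldap group settings adapted to Active Directory. The server name, bind account, password and base DN are placeholders, and the AD attribute names (sAMAccountName, member, objectClass=group) assume a stock AD schema.

```conf
# --- radiusd.conf (FreeRADIUS 1.x), inside the modules { } section ---
ldap {
        # Placeholder values: replace with your own domain controller,
        # read-only bind account and search base.
        server   = "dc1.example.org"
        identity = "cn=radius-bind,cn=Users,dc=example,dc=org"
        password = "CHANGE_ME"
        basedn   = "dc=example,dc=org"

        # AD keeps the logon name in sAMAccountName rather than uid.
        filter   = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

        # Group lookup. The module issues this search only when
        # Ldap-Group is compared as a check item (see the users file).
        groupname_attribute    = cn
        groupmembership_filter = "(&(objectClass=group)(member=%{Ldap-UserDn}))"
}

# --- users file ---
# Members of "mygroup" match here; no Fall-Through, so processing stops.
DEFAULT Ldap-Group == "mygroup"
        Reply-Message = "user in group mygroup"

# Everyone else reaches this entry and is rejected (default deny).
DEFAULT Auth-Type := Reject
        Reply-Message = "not a member of an authorised group"
```

Running the server in debug mode (radiusd -X) shows whether a group search is sent to the directory when the first DEFAULT entry is evaluated.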