On Wed, 16 Feb 2005, Chan Min Wai wrote:
Hello,
Seems something is missing somewhere. I've followed the same way. But there is still no sign of LDAP-Group in the log. Below is the log.
Dustin Doris wrote:
> ldap_howto.txt in the doc directory tells you how, not sure how outdated that is by now, I will be rewriting it sometime this quarter.
> Anyway, in case it is outdated, here is how I do it now.
> in radiusd.conf ldap section
> groupname_attribute = radiusGroupName
Done,
> groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
The Same
> In the users file on the first line
> DEFAULT Ldap-Group == disabled, Auth-Type := Reject
Yep 1st Line
> In your ldap entry
> dn: uid=user,...
> ...otherstuff...
> radiusgroupname: disabled
modified
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'dc=optics,dc=net,dc=my, dc=.'
radius_xlat: '(uid=dcmwai)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 203.115.210.254:389, authentication 0
rlm_ldap: bind as cn=Manager, dc=./password to 203.115.210.254:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=optics,dc=net,dc=my, dc=., with filter (uid=dcmwai)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
You've got multiple instances of the ldap module and you're using the wrong one to perform group checks. Use:
DEFAULT <ldap_instance>-Ldap-Group == disabled, Auth-Type := Reject
instead
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
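
The fix described in the reply above, as a configuration sketch added here and not taken from the thread or the FreeRADIUS documentation. The instance names ldap_auth and ldap_groups, the server name and the basedn are assumed placeholders; the group directives and the users-file line are the ones quoted in the thread.

```conf
# radiusd.conf, modules section (FreeRADIUS 1.x syntax).
# Instance names, server and basedn are constructed placeholders.
modules {
    # Instance used for the ordinary user lookup.
    ldap ldap_auth {
        server = "ldap.example.org"
        basedn = "ou=people,dc=example,dc=org"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    }

    # Instance that carries the group settings quoted in the thread.
    ldap ldap_groups {
        server = "ldap.example.org"
        basedn = "ou=people,dc=example,dc=org"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        groupname_attribute = radiusGroupName
        groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
    }
}

# users file, first line.
# Before: the plain attribute is not tied to a named instance, so the
# group check can run against an instance without the group settings:
#   DEFAULT Ldap-Group == disabled, Auth-Type := Reject
# After: prefix the attribute with the instance that holds them.
DEFAULT ldap_groups-Ldap-Group == disabled, Auth-Type := Reject
```

In the debug output, the filter logged after "Entering ldap_groupcmp()" should then match the groupmembership_filter of the named instance rather than a bare (uid=...) filter.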