I am using RADIUS / LDAP on Suse 9.0 ES with a Cisco 3005 concentrator, and I am having trouble getting groups working. I would like to have a group in LDAP called vpn-users and be able to put a user in that group for RADIUS authentication.

radius.conf

# LDAP module settings for the RADIUS server: where the directory is, how the
# server binds to it, how a user entry is located, and how group membership
# is looked up.
ldap {
                server = "ldap.arnoldtrans.lcl"
                # NOTE(review): the bind identity is the directory Manager DN.
                # A dedicated account with read-only access to the user and
                # group subtrees would limit what a compromise of this host or
                # file exposes.
              identity = "cn=Manager,dc=arnoldtrans,dc=lcl"
                # NOTE(review): the bind password is stored here in cleartext.
                # Keep this file readable only by the RADIUS service account,
                # and treat any copy that has been shared as disclosed
                # (rotate the password).
               password = "Arn0Ld"
                # Search base and the filter used to find the user entry; the
                # filter uses Stripped-User-Name when set, else User-Name.
                basedn = "dc=arnoldtrans,dc=lcl"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

                # set this to 'yes' to use TLS encrypted connections
                # to the LDAP database by using the StartTLS extended
                # operation.
                # The StartTLS operation is supposed to be used with normal
                # ldap connections instead of using ldaps (port 636) connections
                # NOTE(review): with 'no', the Manager bind above and any user
                # credentials sent to the directory travel unencrypted unless
                # the link between the two hosts is protected some other way.
                start_tls = no

                # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
                # profile_attribute = "radiusProfileDn"
                #access_attr = "dialupAccess"

                # Mapping of RADIUS dictionary attributes to LDAP
                # directory attributes.
                dictionary_mapping = ${raddbdir}/ldap.attrmap

                ldap_connections_number = 5
                # password_header = "{clear}"
                # password_attribute = userPassword
                # NOTE(review): confirm that access_group is an option this
                # version of the LDAP module recognises; if it is not, this
                # line does not restrict access to the vpn-users group.
                access_group = "cn=vpn-users,ou=Groups,dc=arnoldtrans,dc=lcl"
                groupname_attribute = cn
                # Matches groupOfNames / groupOfUniqueNames entries that list
                # the user's DN as member / uniquemember.
                groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
                # NOTE(review): "vpn-user" looks like a group name, not an
                # attribute name. This option presumably expects the name of
                # an attribute in the user entry that lists the user's groups;
                # verify against the module documentation.
                groupmembership_attribute = "vpn-user"
                # Time limits for LDAP operations (presumably seconds; confirm
                # the exact meaning of each against the module documentation).
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # compare_check_items = yes
                # access_attr_used_for_allow = yes
        }


users

# Catch-all entry: sets Auth-Type to LDAP for every request and continues
# processing later entries (Fall-Through).
# NOTE(review): nothing in this entry tests group membership, so on its own it
# does not limit VPN access to members of vpn-users. A group restriction is
# normally expressed as a check item on the entry (e.g. an Ldap-Group
# comparison); confirm the attribute name and operator for this version.
DEFAULT        Auth-Type = LDAP
        Fall-Through = 1


Douglas Sterner

Network Analyst

Arnold Transportation Services
451 Freight Street
Camp Hill, PA 17011
Phone (717) 703 - 5212
Ext 5473
