Yohoo!
>LDAP advantage is that you can get more information out of
>the AD...which is what I believe is the desire in this case

Gotcha! :)

My Google searches had driven me in the direction of using _only_ ntlm_auth for
authentication vs. AD.

Meanwhile I had also triggered out the needed groups-settings.

Just for completeness the settings for the groups:
----snip-------
/etc/raddb/radiusd.conf
[...]
 groupname_attribute = "cn"
 groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))"
 groupmembership_attribute = memberOf
[...]
----snip-------
/etc/raddb/users
DEFAULT         Ldap-Group == "Cisco-RW"
                Auth-Type := LDAP

DEFAULT         Ldap-Group == "Cisco-RO"
                Auth-Type := LDAP

DEFAULT         Auth-Type := Reject
                Reply-Message = "No access."
----snip-------

Works fine here. Is there the need of a short howto for the doc/ ?

Greets 

Christian
