Ivan,
Thank you so much! Perhaps you misunderstood my intention of saying
"relevant portions" of the configs - this isn't *everything* in the
config, just everything related to LDAP.
Regardless, I just removed all of what I'd added to users and added that
construct to authorize{} in my default site, and it seems to be working
perfectly.
I had to change
update control {
Auth-Type := Accept
}
to "Fall-Through: yes" to get LDAP authentication to work, but other
than that, perfect!
Thanks,
Jason
Ivan Kalik wrote:
>> I can't seem to find anything concrete online for freeradius1 relating to
>>
> groupOfNames, so I've just been trying random things that I found online
> (for raddb/users) hoping one would work.
>
>> RELEVANT CONFIGS (only relevant portions, comments removed)
>>
>
>
>> raddb/sites-enabled/default:
>>
>
>
>> authorize {
>> ldap
>> }
>> authenticate {
>> Auth-Type LDAP {
>> ldap
>> }
>>
>> }
>>
>
> And did you find that any part of documentation suggesting that you should
> cripple the server and then wonder why it's not working? Or does it say:
> "use default configuration and make only small changes"? Now, go back to the
> default configuration, configure *only* ldap module, disable ldap
> authentication (without the password in the request it can't work as it is
> clearly stated in ldap module) set_auth_type = no. Add this unlang
> statements to authorize:
>
> if(Ldap-Group == "WirelessUsers") {
> update control {
> Auth-Type := Accept
> }
> }
> else {
> reject
> }
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
