Hello,

In your LDAP config in radius, groupmembership_attribute = should correspond to the attribute name in your LDAP where you specify the group "it". And groupname_attribute should match in a standard config radiusGroupName. This is how it works on my config.
Regards,
Matt

Michael March wrote:
> I've been playing around with this all day and I'm stumped.
>
> Does anyone have a config for ANY version of FreeRadius that works
> with LDAP groups?
>
>>
>> ========= /etc/raddb/users ===========
>>
>>
>> DEFAULT Auth-Type = LDAP
>>         Fall-Through = 1
>>
>> DEFAULT LDAP-Group == it
>>         Service-Type = Administrative-User
>>
>>
>> ========= /etc/raddb/radiusd.conf ===========
>>
>> ldap {
>>         server = "192.168.150.140"
>>         identity = "uid=admin,ou=People,dc=acme,dc=com"
>>         password = "BadPass"
>>         basedn = "dc=acme,dc=com"
>>         filter = "(uid=%u)"
>>         # base_filter = "(objectclass=radiusprofile)"
>>
>>         start_tls = no
>>
>>         # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
>>         # profile_attribute = "radiusProfileDn"
>>         access_attr = uid
>>
>>         # Mapping of RADIUS dictionary attributes to LDAP
>>         # directory attributes.
>>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>>
>>         ldap_connections_number = 5
>>
>>         groupname_attribute = cn
>>         groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
>>         groupmembership_attribute = it
>>         timeout = 4
>>         timelimit = 3
>>         net_timeout = 1
>>         compare_check_items = yes
>>         # do_xlat = yes
>>         access_attr_used_for_allow = yes
>> }
>>
>>
>>
>
>

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
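
The mix-up described in the reply, as an added example that is not part of the original messages: a small Python check that flags an `ldap {}` block whose `groupmembership_attribute` is set to a group name that the users file compares against `LDAP-Group`. The sample inputs are constructed from the settings quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, taken from the settings quoted in the thread.
USERS = """\
DEFAULT Auth-Type = LDAP
        Fall-Through = 1

DEFAULT LDAP-Group == it
        Service-Type = Administrative-User
"""

LDAP_BLOCK = """\
ldap {
        groupname_attribute = cn
        groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
        groupmembership_attribute = it
}
"""

def parse_ldap_block(text):
    """Return key -> value for 'key = value' lines, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'([A-Za-z_]+)\s*=\s*(.*)$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def ldap_group_checks(users_text):
    """Return the group names compared against LDAP-Group in a users file."""
    return set(re.findall(r'\bLDAP-Group\s*[=!]=\s*"?([^",\s]+)', users_text))

def lint(users_text, ldap_text):
    """Flag a groupmembership_attribute that holds a group name."""
    attr = parse_ldap_block(ldap_text).get("groupmembership_attribute")
    findings = []
    if attr is not None and attr in ldap_group_checks(users_text):
        findings.append(
            f"groupmembership_attribute = {attr!r} is a group name from the "
            "users file, not an LDAP attribute name")
    return findings

if __name__ == "__main__":
    for finding in lint(USERS, LDAP_BLOCK):
        print(finding)
```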