At 06:24 PM 11/25/2009, Ivan Kalik wrote:
Configure AD as ldap server in ldap module (.raddb/modules/ldap). Then add to users file:

DEFAULT     Ldap-Group == "max_priv_level" or whatever is your group called
                     Service-Type = NAS-Prompt-User,
                     cisco-avpair = "shell:priv-lvl=15"

Closer! First, if I use the account directly:
testuser   Cleartext-Password := "testpass"
           Service-Type = NAS-Prompt-User,
           cisco-avpair = "shell:priv-lvl=15"

I get auth (so the Cisco at least is right, and the base LDAP must be OK, because I get an LDAP success).

But when I switch to:
DEFAULT     Ldap-Group == "Infrastructure"
            Service-Type = NAS-Prompt-User,
            cisco-avpair = "shell:priv-lvl=15"

I get in the logs a failure to find the group:

[ldap] performing user authorization for testuser
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  expand: %{User-Name} -> testuser
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=ciscorsteeves)
[ldap] expand: OU=Enterprise,DC=int,DC=example,DC=com -> OU=Enterprise,DC=int,DC=example,DC=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=Enterprise,DC=int,DC=example,DC=com, with filter (uid=testuser)
rlm_ldap: object not found
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

My suspicion is something wrong between base_filter and filter. Sigh.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
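For reference, here is an ldap module configuration for the AD case in the thread above. It is an added example, not taken from the original mail or from the FreeRADIUS distribution; the server name and bind account are placeholders, the base DN and the filter macro are the ones in the log, and sAMAccountName, memberOf and objectClass=group are the attribute and class names Active Directory actually uses.

```conf
ldap {
        # Placeholder AD host and bind account. AD refuses anonymous searches,
        # so the user lookup needs a bind identity; use a read-only service
        # account with no other rights.
        server = "ad.int.example.com"
        identity = "CN=radius-svc,OU=Service Accounts,DC=int,DC=example,DC=com"
        password = "CHANGE_ME"

        # Search base as shown in the log.
        basedn = "OU=Enterprise,DC=int,DC=example,DC=com"

        # AD keeps the login name in sAMAccountName, not uid. With a
        # (uid=...) filter the user search returns "object not found", which
        # is the failure in the log, and no Ldap-Group check ever runs.
        filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

        # base_filter is left at its default: a radiusprofile object class,
        # which AD does not have, would match nothing.

        # Ldap-Group == "Infrastructure" is resolved by searching basedn for
        # (&(cn=Infrastructure)<groupmembership_filter>), so point the filter
        # at AD's group class and member attribute. Ldap-UserDn is cached by
        # the user search above.
        groupname_attribute = cn
        groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"

        # Second path: memberOf on the user entry lists group DNs, each of
        # which is then checked against cn=Infrastructure.
        groupmembership_attribute = memberOf

        # AD never returns password hashes; authentication is a bind as the
        # user (Auth-Type LDAP), so no password_attribute is configured.

        dictionary_mapping = ${confdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
```

With this in place the DEFAULT Ldap-Group entry quoted above works unchanged, but a user outside the group matches no entry and is still accepted without the cisco-avpair, i.e. logged in at the device's default privilege level. A trailing `DEFAULT Auth-Type := Reject` entry in the users file closes that gap.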