Ok, I did this, but the group testing is not working.

    server twofactor {
        authorize {
            preprocess
            auth_log
            suffix
            pap
            perl
            if (User-Password =~ /^(.+?)([0-9]{6})$/) {
                update request {
                    User-Password := "%{1}"
                    One-Time-Password := "%{2}"
                }
            }
            update control {
                Auth-Type := TwoFactor
            }
            if (ldap_group-LDAP-Group != "somegroup") {
                reject
            }
        }
        authenticate {
            Auth-Type TwoFactor {
                perl
                ldap_group
            }
            perl
            ldap_group
        }
        ...
    }

Output:

    rlm_ldap::ldap_groupcmp: User found in group somegroup
    ldap_msgfree
    [ldap_group] ldap_release_conn: Release Id: 0
    ? Evaluating (ldap_group-LDAP-Group != "somegroup") -> TRUE
    ++? if (ldap_group-LDAP-Group != "somegroup") -> TRUE
    ++- entering if (ldap_group-LDAP-Group != "somegroup") {...}
    +++[reject] returns reject
    ++- if (ldap_group-LDAP-Group != "r7arq") returns reject
    } # server hotp
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/hotp
    +- entering group REJECT {...}

On Fri, May 13, 2011 at 10:53 AM, Herbert Fischer <herbert.fisc...@gmail.com> wrote:

> Thanks Alan!
>
> And how do I tell FreeRADIUS that only some LDAP groups can authenticate
> against a client?
> I read the docs but did not understand the connection between the users
> file and the virtual server conf.
>
> best regards
>
> On Fri, May 13, 2011 at 2:28 AM, Alan DeKok <al...@deployingradius.com> wrote:
>
>> Herbert Fischer wrote:
>> > I would like to set up the LDAP module with different settings for different
>> > clients.
>> >
>> > How can I do this?
>>
>> Either set up a different virtual server for each client, OR use
>> "unlang" to check "if client X, use ldap X"
>>
>> > Can I set up multiple LDAP module settings and specify which one I would
>> > like to use for a site or client?
>>
>> Yes, but you need to edit the "authorize" section to replace:
>>
>>     ldap
>> with
>>
>>     if (client 1 ..) {
>>         ldap1
>>     }
>>     elsif (client 2...) {
>>         ldap2
>>     }
>>     ...
>>
>> > Can I define some of the LDAP settings inside the site or client config?
>>
>> No.
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
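
The debug output in the message above reports the user as found in "somegroup", yet the "!=" test evaluates to TRUE and the request is rejected. The fragment below is an added example, not part of the thread and not FreeRADIUS project code: it writes the same check as a negated equality, on the assumption that the group attribute is evaluated by the LDAP module's comparison callback, which only reports match or no match, so the operator written in the condition is not applied to the result. The instance name ldap_group and the group name are taken from the post.

```unlang
# Added example (assumption: the group attribute is a virtual attribute
# checked by a module callback that returns only "matched" / "not matched").

# As posted. In the debug output this evaluates to TRUE for a user who
# WAS found in the group, so group members are rejected:
#
#   if (ldap_group-LDAP-Group != "somegroup") {
#       reject
#   }

# Negated equality. The callback is asked "is the user in somegroup?" and
# the unlang "!" inverts that answer, so only non-members reach reject.
if (!(ldap_group-LDAP-Group == "somegroup")) {
    reject
}
```

With this form, the debug output for a group member should show the inner "==" comparison evaluating to TRUE and the negated condition evaluating to FALSE, so the reject block is not entered.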