> On 12/03/12 15:44, u...@3.am wrote: > >> >> DEFAULT Group == "FOO", Pool-Name :="FOO_pool" > > "Group" is probably empty. I can't remember what module, if any, fills > it out. > > What do you *think* "Group" will contain? It won't contain LDAP groups.
I was about to post about this..I just did a test with this entry: someuser Pool-Name :="FOO_pool" And it got an IP from the pool just fine, so you're right, the problem lies with "Group". It is a legacy entry, left over from before we switched from PAM/unix to LDAP. Since it continued to work even after removing all of the unix group entries and still continues to work when we add new LDAP groups and LDAP users to that group. How it gets that is something I don't know...there's no ldap.attrmap entry for it on the older, working servers. I take it I will need to define map the LDAP attribute PosixGroup to something? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
