Hi,

As you mentioned, I was able to get the LDAP group to work. I added two additional entries in the /etc/freeradius/user file to filter the users. These are:

DEFAULT Ldap-Group == "cn=people,ou=users,dc=home,dc=com", Auth-Type := Accept
        Reply-Message = "You are Accepted"

DEFAULT Auth-Type := Reject

Then I faced a much bigger issue: FreeRADIUS started to ignore the LDAP userPassword. Even though I type the wrong password, FreeRADIUS grants access.

Hi guys, is there any way to solve this issue?

Thank You
Dhanushka

On 24 March 2012 17:35, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 03/24/2012 05:51 AM, dhanushka ranasinghe wrote:
>>
>> Hi guys,
>>
>> I'm using FreeRADIUS with LDAP, and its authentication works fine when
>> I use the following configuration.
>>
>> server = "ldap.home.com"
>> identity = "cn=admin,dc=home,dc=com"
>> password = home
>> basedn = "ou=users,dc=home,dc=com"
>> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>> base_filter = "(objectclass=radiusprofile)"
>> access_attr = "uid"
>> authtype = ldap
>>
>> But then I created the LDAP group and added the members to it,
>>
>> e.g.:
>>
>> dn: cn=people,ou=users,dc=home,dc=com
>> objectClass: groupOfNames
>> objectClass: top
>> cn: wso2
>> member: uid=userone,ou=user,dc=home,dc=com
>> member: uid=usertwo,ou=user,dc=home,dc=com
>>
>> Then I changed my LDAP config as follows:
>>
>> server = "ldap.home.com"
>> identity = "cn=admin,dc=home,dc=com"
>> password = home
>> basedn = "cn=people,ou=users,dc=home,dc=com"
>> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>> base_filter = "(objectclass=radiusprofile)"
>> access_attr = "uid"
>> authtype = ldap
>>
>> But this method is not working; the radius debug output says the user
>> cannot be searched within that group.
>>
>> Is there any particular search method that I need to use? What can
>> I do to sort out this problem?
>
> This is all completely wrong. You have told the LDAP module to search for
> all objects, including users, starting from the DN of the group you have
> created.
>
> Set your LDAP back how it was, then uncomment the "groupmembership_filter"
> and "groupname_attribute" in the "ldap" module config, that comes with the
> server by default. It should just work.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
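
An added example, not part of the thread and not FreeRADIUS project code: a small Python audit of a `users` file that flags entries whose check items force `Auth-Type` to `Accept`, a setting under which the server accepts the request without verifying the password. The parser covers only the simple entry layout shown here, and the `ALTERNATIVE` entry (reject non-members and leave `Auth-Type` to the ldap module) is an assumption that was not posted in the thread or tested against a server.

```python
import re

# Constructed input: the two entries as posted at the top of the thread.
AS_POSTED = '''\
DEFAULT Ldap-Group == "cn=people,ou=users,dc=home,dc=com", Auth-Type := Accept
        Reply-Message = "You are Accepted"

DEFAULT Auth-Type := Reject
'''

# Assumed alternative (not from the thread): reject users outside the group
# and set no Auth-Type for members, so the ldap module still checks passwords.
ALTERNATIVE = '''\
DEFAULT Ldap-Group != "cn=people,ou=users,dc=home,dc=com", Auth-Type := Reject
        Reply-Message = "Not in the people group"
'''

# One check item: attribute, operator, value.
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|!=|\+=|=~|!~|<=|>=|=|<|>)\s*(.*\S)')

def parse_entry(line):
    """Split an entry's first line into (name, [(attr, op, value), ...])."""
    parts = line.split(None, 1)
    name, rest = parts[0], parts[1] if len(parts) > 1 else ''
    items = []
    # Split on commas, but not on the commas inside a quoted DN.
    for chunk in re.findall(r'(?:[^,"]|"[^"]*")+', rest):
        m = ITEM.match(chunk)
        if m:
            items.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return name, items

def forced_accepts(users_text):
    """Return (line, entry name, other conditions) for each forced Accept."""
    findings = []
    for lineno, line in enumerate(users_text.splitlines(), 1):
        if not line or line[0].isspace() or line.startswith('#'):
            continue  # blank lines, indented reply items, comments
        name, items = parse_entry(line)
        if any(a.lower() == 'auth-type' and op in (':=', '=')
               and v.lower() == 'accept' for a, op, v in items):
            others = [f'{a} {op} {v}' for a, op, v in items
                      if a.lower() != 'auth-type']
            findings.append((lineno, name, others))
    return findings

if __name__ == '__main__':
    for label, text in (('as posted', AS_POSTED), ('alternative', ALTERNATIVE)):
        print(label, forced_accepts(text))
```

The conditions returned with each finding are the only thing gating the accept, so an entry flagged with just a group match admits any group member regardless of the password supplied.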