Simon Grierson wrote:
> Authentication via Active Directory, but with access granted depending
> on AD Group membership.

That should be possible.

> EG: User A is allowed Wifi access, as they are in Wifi-Users group
>
> User B is not as they do not have membership of this group.

That's easy.

> So we have the Freeradius server up and running, and it can authenticate
> against AD fine, but I can't figure out the group filtering portion of
> the setup.

The FAQ has examples. The configuration files have many references to "ldap", with comments describing what it does.

> The documentation points to configuring the modules/ldap file to point
> to our LDAP server (I.E. our AD server), and to configure the /users
> file with the following line
>
> DEFAULT Ldap-Group ==
> "CN=sec-eduroam-users,OU=Access,OU=SecurityGroups,OU=Groups,DC=testres,DC=org"
>
> DEFAULT Auth-Type = Reject

The default *is* to reject the user, but that may work.

> When I run freeradius in debug mode, we get all the usual output but no
> ldap modules mentioned

Is it a secret? The FAQ, "man" page, web pages, and daily messages on this list say to post the debug output. It's the ONLY way to solve the problem.

> It does include modules/ldap but little else.

Which is probably fine.

> FYI I have built this 3 times,

Well, then you did it wrong 3 times.

> What I can't get is LDAP to work through free radius.
>
> Am I doing something wrong, is there a better way to do this?

Post the debug output as suggested in the FAQ, "man" page, web pages, and daily on this list.

Alan DeKok.