Re: Non Ldap Group members being rejected

2009-02-08 Thread tnt
At present I am using AD groups to assign roles to my users
and rejecting users who are not members of the defined groups.
This is being done via the users file which looks like this:


#If you are not in either group, no access is allowed
#FreeRADIUS 2.1


#These are the groups we are checking for Lunar Building staff
DEFAULT Ldap-Group == lunar-staff
        Aruba-User-Role = employee

DEFAULT Ldap-Group == lunar-member
        Aruba-User-Role = member

DEFAULT Ldap-group != lunar-staff, Auth-Type := Reject
DEFAULT Ldap-group != lunar-member, Auth-Type := Reject

#End

I now want to also include guest users whose credentials are in
a MySQL database. What statement do I need to include in my users file
to also allow the guest users to authenticate, since my current config
allows only the Ldap Groups? I did have SQL working before I added the
reject statements.


Add all SQL users to group guests. Then add before reject statements:

DEFAULT SQL-Group == guests

and perhaps Aruba-User-Role = guest.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
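
The ordering in the reply above matters because the users file stops at the first entry whose check items all match. The following is an added example, not part of the original posts and not FreeRADIUS code: a simplified Python model of that first-match evaluation, in which the LDAP and SQL group lookups are replaced by a constructed dictionary and `parse`, `authorize` and `guest_last` are hypothetical helper names.

```python
import re

# Users file with the guest entry placed before the reject entries, as the
# reply advises. Group and role names come from the thread; "guest" is the
# role the reply suggests.
USERS = """\
DEFAULT Ldap-Group == lunar-staff
\tAruba-User-Role = employee
DEFAULT Ldap-Group == lunar-member
\tAruba-User-Role = member
DEFAULT SQL-Group == guests
\tAruba-User-Role = guest
DEFAULT Ldap-group != lunar-staff, Auth-Type := Reject
DEFAULT Ldap-group != lunar-member, Auth-Type := Reject
"""

ITEM = re.compile(r"\s*(\S+)\s*(==|!=|:=|=)\s*(\S+)")

def parse(text):
    """Return a list of (check_items, reply_items); indented lines are reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        body = line.replace("DEFAULT", "", 1)
        items = [ITEM.match(i).groups() for i in body.split(",") if i.strip()]
        if line[0].isspace():
            entries[-1][1].extend(items)
        else:
            entries.append((items, []))
    return entries

def authorize(entries, groups):
    """Walk entries top to bottom; the first whose check items all match wins.

    groups maps a lower-cased group attribute to the user's memberships
    (stand-ins for the LDAP and SQL lookups). Returns (Auth-Type, reply).
    """
    for check, reply in entries:
        control, matched = {}, True
        for attr, op, val in check:
            if op == ":=":
                control[attr] = val  # sets a control item; never fails the match
            elif (val in groups.get(attr.lower(), ())) != (op == "=="):
                matched = False
        if matched:  # no Fall-Through in this file, so evaluation stops here
            return control.get("Auth-Type"), {a: v for a, _, v in reply}
    return None, {}

def guest_last(entries):
    """The misordering: guest entry moved below the reject entries."""
    return entries[:2] + entries[3:] + entries[2:3]
```

An Auth-Type of `None` means the matched entry did not force a verdict, so authentication is left to later modules (EAP in the debug output further down the thread). With `guest_last`, a member of the SQL group hits the first reject entry before the guest entry is ever reached.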


Re: Non Ldap Group members being rejected

2009-02-08 Thread Godfrey Peart
[files] expand: %{User-Name} - john
[files] sql_set_user escaped user -- 'john'
rlm_sql (sql): Reserving sql socket id: 1
[files] expand: SELECT groupname   FROM
radusergroup   WHERE username = '%{SQL-User-Name}'   ORDER
BY priority - SELECT groupname   FROM radusergroup   *WHERE
username = 'john'   ORDER BY priority
[files] sql_groupcmp finished: User is a member of group Guests
rlm_sql (sql): Released sql socket id: 1
[files] users: Matched entry DEFAULT at line 18*
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for john with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success


Thanks, that worked a treat; the user is now found in SQL-Group == Guests

Non Ldap Group members being rejected

2009-02-07 Thread Godfrey Peart
At present I am using AD groups to assign roles to my users
and rejecting users who are not members of the defined groups.
This is being done via the users file which looks like this:


#If you are not in either group, no access is allowed
#FreeRADIUS 2.1


#These are the groups we are checking for Lunar Building staff
DEFAULT Ldap-Group == lunar-staff
        Aruba-User-Role = employee

DEFAULT Ldap-Group == lunar-member
        Aruba-User-Role = member

DEFAULT Ldap-group != lunar-staff, Auth-Type := Reject
DEFAULT Ldap-group != lunar-member, Auth-Type := Reject

#End

I now want to also include guest users whose credentials are in
a MySQL database. What statement do I need to include in my users file
to also allow the guest users to authenticate, since my current config
allows only the Ldap Groups? I did have SQL working before I added the
reject statements.

Thanks in advance.