DEFAULT Ldap-Group == "Engineering", and then list of reply attributes.
Ivan Kalik
Kalik Informatika ISP
On 25/2/2008, "David W Bell" <[EMAIL PROTECTED]> wrote:
>Ok been fiddling some more.
>
>What I need to now do is work out which group a user belongs to based on
>LDAP users and groups.
>
>I
Ok been fiddling some more.
What I need to now do is work out which group a user belongs to based on
LDAP users and groups.
I am assuming this is in the radius.conf @ the section about groups.
For Example,
This LDAP user.
# belld, people, dxi.net
dn: uid=belld,ou=people,dc=dxi,dc=net
cn: Da
>Huntgroups file
>
>packeteer_read_only NAS-IP-Address == 10.17.69.12
>
Delete this.
>Users file
>
> 165 DEFAULT Huntgroup-Name == "packeteer_read_only",Ldap-Group ==
> packeteer_read_only,User-Profile :=
> "uid=packeteer_read_only,ou=profiles,ou=radius,dc=csctus,dc=net", Auth-Type
> := LDAP
Message: 3
Date: Thu, 11 Oct 2007 23:23:45 +0100
From: <[EMAIL PROTECTED]>
Subject: Re: Problem with LDAP and Groups
To: "FreeRadius users mailing list"
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2
Bryan Evege wrote:
...
Please edit your posts to the list. It's annoying to have to scroll
through reams of headers and old messages in order to see your reply.
> Thank you for the reply. If I change the fall through to yes it still
> matches as many groups as the user is in. How can I tell
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, "Bryan Evege" <[EMAIL PROTECTED]> wrote:
>Message: 6
>> Date: Thu, 11 Oct 2007 21:13:21 +0100
>> From: <[EMAIL PROTECTED]>
>> Subject: Re: Problem with LDAP and Groups
>> To: "FreeRadius u
Message: 6
Date: Thu, 11 Oct 2007 21:13:21 +0100
From: <[EMAIL PROTECTED]>
Subject: Re: Problem with LDAP and Groups
To: "FreeRadius users mailing list"
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2
If I change the fall through t
>If I change the fall through to yes it still matches as many groups as the
>user is in. How can I tell freeradius which attributes to send back?
If you want to send sets of attributes according to the NAS the user is
trying to log into, use huntgroups.
>For example, bevege is a member of the followi
Bryan Evege wrote:
> Here's the problem. When a user logs in and is a member of more than
> one group radius only uses the first one to match. I've included the
> users file below.
In which you tell it to stop matching after the first one.
> DEFAULT Ldap-Group == packeteer_read_only,User-Prof
You can group devices in huntgroups and add Huntgroup-Name to those
DEFAULT profiles.
Ivan Kalik
Kalik Informatika ISP
On 10/10/2007, "Bryan Evege" <[EMAIL PROTECTED]> wrote:
>Hello all. First off here's what I want to accomplish in the end. Use
>LDAP as the backend to store all user informat
Hello all. First off here's what I want to accomplish in the end. Use
LDAP as the backend to store all user information including radius
attributes, shell info and access to specific devices in specific
locations. For example, Johnny needs access to all linux boxes in
Atlanta and priv-level
ldapsearch -x cn=my_group
#
# filter: cn=my_group
# requesting: ALL
#
# my_group, group, lanl, gov
dn: cn=my_group,ou=group,dc=lanl,dc=gov
objectClass: groupOfNames
cn: my_group
member: employeeNumber=0067,ou=people,dc=lanl,dc=gov
member: employeeNumber=0068,ou=people,dc=lanl,dc=gov
...
---
Hello there,
I have a small problem. And I read the documentation. And I can't find
what's wrong.
I have a corporate LDAP with users and group.
Each group is a "groupOfUniqueNames", with "uniquemember".
In the user definition, no group definition is set.
I need to authenticate members of a cert
Hello there,
I have a small problem. And I read the documentation. And I can't find
what's wrong.
I have a corporate LDAP with users and group.
Each group is a "groupOfUniqueNames", with "uniquemember".
In the user definition, no group definition
You need to specify where to look for the group membership. Comments
below.
On Thu, 22 Jan 2004, Daniel wrote:
> Sorry should have included it in the first place.
>
> Here it is:
>
>ldap {
> server = "127.0.0.1"
> identity = "cn=Manager,dc=test,dc=net,dc=a
Sorry should have included it in the first place.
Here it is:
ldap {
server = "127.0.0.1"
identity = "cn=Manager,dc=test,dc=net,dc=au"
password =
basedn = "dc=test,dc=net,dc=au"
filter = "(uid=%{Stripped-U
Can you post the ldap section of your radiusd.conf file? Also, can you
post an example of an entry in that groups section, as well as an entry
for one of your users?
On Wed, 21 Jan 2004, Daniel wrote:
> I have freeradius 0.9.3 setup and running fine. It is authing with my
> Ldap server fine.
I have freeradius 0.9.3 setup and running fine. It is authing with my
Ldap server fine.
I can't get it to reject a user with membership of a ldap group.
users:
DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
Reply-Message = "Sorry, you are not allowed"
The groups are held under ou
19 matches