Hi, Presently my system is configured in such a way that freeradius checks whether user is present in ldap server and then it searches to find the user group in ldap.
Is there a way I can avoid this? Basically I want to see if a user is present in Ldap server if he is present I will go ahead and authorize him instead of finding his group etc. My ldap configuration in radiusd.conf at present is: ldap ldap_primary { server = 157.235.205.31 port = 389 identity = "cn=Administrator,cn=Users,dc=xyt,dc=dyx,dc=com" password = temppass basedn = cn=Users,dc=xyt,dc=dyx,dc=com filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "dialupacces" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 password_attribute = UserPassword groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember==%{Ldap-UserDn})))" groupmembership_attribute = radiusGroupName timeout = 4 timelimit = 3 net_timeout = 5 access_attr_used_for_allow = no } Iam using radius server 1.1.6 version. Thanks in advance -gnr
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html