
List:       freeradius-users
Subject:    Re: LDAP redundant with LDAP-Group within users file
From:       up () 3 ! am
Date:       2011-06-30 16:29:01
Message-ID: a91ce2d8126cb2b93b6d4308cc6ec5f2.squirrel () ssl ! pil ! net


> Just a gap of our users file, we have 18 default lines and additional 4 for a
> local/PAP user:
>
>
> DEFAULT Auth-Type := LDAP, Huntgroup-Name == consoleserver, LDAP-Group ==
> "<LDAP-GROUP-Team-a>"
>         Login-Service = Telnet
>

FWIW, since it's the LDAP-Group attribute that you're having trouble with, we are
doing LDAP auth with POSIX style LDAP auth data and I believe it gets around this
by simply using the old "Group" attribute from before we migrated from PAP/unix
(but still gets from LDAP):

DEFAULT	Group == acme, Pool-Name := "acme_pool", Auth-Type = Ldap

This is a smaller network with 1 fallback LDAP server, and I know that the
fallback is working and I'm pretty sure it passes on the proper group info to
assign the correct IP pool in this case.  It may not work with non-POSIX LDAP
groups though...