Support Home Communities Home   Search Today's Posts Mark Forums Read

 
 
LinkBack Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 17-Sep-2009, 08:02 AM
robert_w_brandt's Avatar
Member
  
Join Date: Feb 2008
Location: Dublin, Ireland
Posts: 57
robert_w_brandt 0 reputation points
Default Re: Radius Administration
Originally Posted by robert_w_brandt View Post
I also see that freeradius has the ability to query group membership, but the problem is that it assumes that the member attribute is only populated by the username, NOT the full context! Any attempt to modify the ldap filter for something like (member=cn=%{User-Name},*) fails.
I found the answer on another forum. Turns out the documentation for freeradius is incorrect. You need to use this syntax in the LDAP module definition:
groupname_attribute = cn
groupmembership_filter = "(&(objectClass=groupOfNames)(member=%{control:LDA P-UserDn}))"
groupmembership_attribute = groupMembership
I am still having issues with iManager Administration end of it, but for now using the groupmembership allows me to define the reply-attributes in the users files.

Bob
Reply With Quote
 

Tags
freeradius, groups, ldap, radius

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -6. The time now is 12:06 PM.
Contact Us - NOVELL FORUMS - Archive - Privacy Statement - Top

© 2007 Novell, Inc. All Rights Reserved.

Search Engine Friendly URLs by vBSEO 3.3.0 RC2