Re: Ldap Group Attribute radiusGroupName

On Thu, 17 Feb 2005, Chan Min Wai wrote:

> Kostas Kalevras wrote:
>> You 've got multiple instances of the ldap module and you 're using the
>> wrong one to perform group checks. Use:
>>
>> DEFAULT <ldap_instance>-Ldap-Group == disabled, Auth-Type := Reject
>
> Ok Things statring to be more interesting now. I've using the following
> entry in users as below:
>
>
>
> DEFAULT ocesbldap-Ldap-Group ==
> "cn=disabled,ou=profiles,dc=ocesb,dc=com,dc=my,dc= .", Auth-Type := Reject
> Reply-Message = "Sorry, you are not allowed to have dialup access"
>
> =================OR==================
>
> DEFAULT ocesbldap-Ldap-Group == disabled, User-Profile :=
> "cn=disabled,ou=profiles,dc=ocesb,dc=com,dc=my,dc= .", Auth-Type := Reject
> Reply-Message = "Sorry, you are not allowed to have dialup access"
>
> Both of them are working however...
>
> Seem to be they don't care what group the users is in and just by
> default disable everybody.
>
> Anyone have some hints for me...

Run the server in debug mode to see what happens exactly.

>
>
> After working on this Group, I'm thinking what is the real use of Group?

None really, apart from group checks like the above

> Define the default attribute/replyItem for certain services?

That's what Default/REgular/User profiles are for.

>
> Regards,
> Chan Min Wai
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
kkalev@noc.ntua.gr National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html