
I'm running a freeradius v3 instance with an LDAP backend for the authentication.
The backend is working fine but I've issues with my users.conf file.

In this file, I'm trying to implement some rules to allow a group A to connect to the SSID A and to allow a group B to connect to SSID B, denying all the rest. Unfortunately that does not work so far (everyone is allowed to connect if the credentials are valid).

If anyone has any idea on what the config should look like, that would help me a lot as I've been struggling with this issue for some days :(

users.conf:
DEFAULT LDAP-Group == "group1", Called-Station-Id == "b0-aa-77-f0-6b-f8:SSID1", Auth-Type := LDAP
DEFAULT LDAP-Group == "group2", Called-Station-Id == "b0-aa-77-f0-6b-f8:SSID2", Auth-Type := LDAP

Nicolas
  • Could you post the debug output around where the files module is called, and your ldap config (strip the comments to keep it small). – Arran Cudbard-Bell Oct 17 '15 at 19:55
  • It's a Synology NAS, I'll try for the debugging output but it's kind of hidden. I've pasted the /usr/loca/synoradius/rad_site_def_ldap here: http://pastebin.com/ed6m23Mu – Nicolas Oct 17 '15 at 21:23
  • They called it synoradius? *sigh* wow... OK well synoradius/mods-available/ldap is what I need. – Arran Cudbard-Bell Oct 18 '15 at 01:10
  • Hello Arran, sorry for the delay, I've been off the last week. If you can still give some insight on this, I've pasted the etc/raddb/modules/ldap file here: http://pastebin.com/4EjeH256 The site-enabled/default points to which in turn points to /usr/local/synoradius/rad_site_def that INCLUDES the first pastebin link in the above comment. – Nicolas Oct 24 '15 at 18:23
  • Well that's a FreeRADIUS 2 LDAP config, so if you're running FreeRADIUS 3 that would explain the issue. – Arran Cudbard-Bell Oct 25 '15 at 00:13
  • Extract from radiusd -v : radiusd: FreeRADIUS Version 2.2.5 (git #d6e8c57), for host i686-pc-linux-gnu, built on Feb 11 2015 at 14:21:45 So it's a FreeRadius 2 binary. Note that it's just this Called-Station-Id to ldap-group mapping limitation that doesn't work. – Nicolas Oct 25 '15 at 11:40
