ocserv: user group not assigned when using certificate authentication
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Thu Aug 28 23:34:02 PDT 2014
On Thu, Aug 28, 2014 at 10:22 AM, sskaje <sskaje at gmail.com> wrote:
> Nikos,
> I have these in my config file:
>
> # grep group /opt/ocserv/etc/config |grep -v '^#'
> cert-group-oid = 2.5.4.11
> run-as-group = daemon
> config-per-group = /opt/ocserv/etc/config-per-group/
> default-group-config = /opt/ocserv/etc/defaults/group.conf
> select-group = vpn
> select-group = dnsonly
> default-select-group = vpn
^^^^^
I believe the above is what causes the issue. I've tried to clarified
what default-select-group is in the documentation. It is a virtual
group that allows a user to select the default assigned to him (in
case he belongs to multiple groups). The way you use it shouldn't do
any harm however, but it had the bug you noticed. It should be fixed
in the master branch now though.
regards,
Nikos
More information about the openconnect-devel
mailing list