Thank you Chris, it's working perfectly.
A question regarding attributes and ldap. I cannot put all my attributes
in LDAP because one of my vendors doesn't work when it receives cisco av
pair AND ascend data filter. I noticed the following in documentation:
# default: NULL - use only user specific attributes or attributes,
# supplied by other modules.
What other module(s) would be appropriate? I didn't see any other
documentation. rlm_attr_filter doesn't look like what I need.
Again, any help is appreciated.
--JST
On Wed, 22 Aug 2001, Chris Parker wrote:
> Date: Wed, 22 Aug 2001 09:52:12 -0500
> From: Chris Parker <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Configuration questions
>
> At 12:15 AM 8/22/2001 -0700, you wrote:
>
> >Greetings list members.
> >
> >I am testing free radius currently and have a couple questions.
> >
> >I use the LDAP module for authentication. I have two realms, each on
> >separate DN's. How can I have two separate ldap configurations?
>
> You can declare them as two separate instances in the config file:
>
> modules {
>     ...
>     ldap LDAPONE {
>         server = "server1.foobar.biz"
>         # identity = "cn=admin,o=My Org,c=UA"
>         # password = mypass
>         basedn = "o=My Org,c=UA"
>         filter = "(uid=%u)"
>         ...
>     }
>     ldap LDAPTWO {
>         server = "server2.foobar.biz"
>         # identity = "cn=admin,o=My Org,c=UA"
>         # password = mypass
>         basedn = "o=My Org,c=UA"
>         filter = "(uid=%u)"
>         ...
>     }
>     ...
> }
>
> Then call the modules as LDAPONE and LDAPTWO in the auth sections. See
> the SQL module examples on how to do multiple instances.
>
>
> >It would be neat to be able to specify ldap_realma { binddn= etc..} and
> >then ldap_realmb { binddn= etc..}, then do a fall through type of deal in
> >the authenticate block. Is there current structure for this,
> >or do I need a second radius server/implementation to do this properly?
>
> Read the docs, and look at the examples. This is explained in intricate
> detail in 'doc/configurable_failover'.
>
> >Secondly, do we have the ability to send attributes back to specific
> >radius clients? I like to apply SMTP filters to NAS devices via
> >attributes such as 242, but this becomes difficult when you have some
> >ascend, cisco, portmaster, and cvx boxes on your network.
> >
> >I need to be able to do attributes X for client A (or maybe client group
> >A?) and attributes N for client B.
>
> I have a similar need, as cisco's and pm's require slightly different
> syntax for 'Filter-ID' ( appending a .in to cisco's ). For things other
> than that, you can send attributes from other vendors, and they should
> be ignored by other vendors. However, not all vendors read the same
> RFC apparently, so this may not be the case, but that's another rant. :)
>
> For now, there isn't a way to do what you want, but there is a need for
> something similar, so have patience and it'll be there.
>
> -Chris
> --
> \\\|||/// \ Chris Parker - Manager, Development Engineering
> \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
> | @ @ | \ http://www.starnetwx.net \ (847) 963-0116
> oOo---(_)---oOo--\------------------------------------------------------
> \ Without C we would have 'obol', 'basi', and 'pasal'
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
___________________________________________________________
J. S. Townsley Senior Network and Systems Engineer
[EMAIL PROTECTED] Integrity Online