Hi Alan,
Thanks for the help! Your mail cleared a lot of doubts in my
mind.
>
>>The module "files" returns not found since there is no entry in the
>>users file, still the authorization is done with ldap. I was under
>>the impression that if a user-name is not present in the users file
>>then the user should be denied access, OR am I doing something wrong
>>here.
>>
>
> The 'users' file is just one authorization method out of many. You
> allowed LDAP to be used, so when you disallowed the users file, LDAP
> was still permitted, and therefore it was used.
>
Actually, I was under the impression that the user will be first
checked against the users file and, if the authorization was successful,
would then be handed over to LDAP. Isn't that how it is done?

I have one more question. This is regarding huntgroups. I assume
huntgroups is for restricting users to certain groups, right? Excuse
me if I am wrong here. The reason I am asking this question is, I have
a requirement wherein I need to restrict users to log in to certain NAS
only.

For example: if I have 2 NAS, NAS1 and NAS2, and I have users, say a,b,c and
x,y,z. I want radius to authenticate users a,b,c only if they log in to
NAS1 and users x,y,z if they log in to NAS2. Something like:
NAS1 => a,b,c
NAS2 => x,y,z
So in case user "a" logs into NAS1 and NAS1 sends a radius request to
the radius server, the radius server should send an accept packet. But
if user "x" tries to do the same (i.e., log into NAS1), the radius
server should reject it. This is in a corporate LAN and the
authentication backend for radius is openldap.

My question here is: can I use the huntgroups file in the scenario
wherein I am using LDAP as the authorization and authentication backend
for radius and at the same time implement the above requirement?
Or is there any other solution? I am looking at the RADIUS schema for
ldap but I am not sure if that will help.
Thanks in advance
-Raj