On Wed, 26 Dec 2001, Lance Miller wrote:
> Thanks in advance....
>
> RADIUS SERVER: freeradius-0.3
> OS: Sun Solaris 8
>
> I can do this:
>
> I can authenticate with the LDAP Module loaded
>
> I cannot do this:
>
> Assign certain users who are defined in the LDAP database IP pool address from the LDAP server.
>
> Questions:
>
> For example: I want a user who only subscribes to Email to get an IP Address from one pool,
> and a user who is full service to get an IP Address from another pool.
>
> Is this possible?
Yes it is. You just need to add the appropriate radius attribute in the user
entries in ldap. You can either set the Framed-IP-Address of the user statically
(something like radiusFramedIPAddress: 123.123.123.123) or use the Framed-Pool
attribute. That way you can set up different pools in the nas servers for your
users, set the Framed-IP-Address to 255.255.255.254 (NAS assigned ips) and use
the Framed-Pool attribute to distinguish between the users. More or less
something like this (I haven't tried it though):
NAS:
email pool: email users
full pool: full service users
User entry:
radiusFramedIPAddress: 255.255.255.254
radiusReplyItem: Framed-Pool := email
Hope it works :-)
--
kkalev
>
> And more important, can I look at some configuration files from someone who has done this?
>
> I made some changes here to protect my customers info.
>
> My current radiusd.conf section of LDAP looks like this:
>
>
> ldap {
> server = "xxx.xxx.xxx"
> basedn = "o=a"
> filter = "(uid=%u)"
> default_profile = "cn=NORMAL_USER,o=a"
> #profile_attribute = "cn=TEN_PLAN_USER"
> #access_group = "cn=NORMAL_USER"
> #access_attr = "TEN_PLAN_USER"
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> timeout = 4
> timelimit = 3
> net_timeout = 1
> }
>
>
>
> My ldapsearch results are the following; the DB is made up like this:
>
> This user would get unlimited usage:
>
> dn: uid=norm,o=hotfecalmatermail.com
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: posixAccount
> objectclass: shadowAccount
> objectclass: inetOrgPerson
> objectclass: mailRecipient
> objectclass: nsLicenseUser
> givenname: Lawrence
> sn: 555.555.1212
> uid: norm
> maildeliveryoption: mailbox
> mail: norm ser @hotfecalmatermail.com
> nslicensedfor: mail
> cn: NORMAL_USER
> cn: user with no name
> telephonenumber: 555.555.1212
> title: hockey
> mailhost: mail11.hotfecalmatermail.com
> gidnumber: 60001
> homedirectory: /var/mail
> shadowlastchange: 11250
> shadowmin: 0
> shadowmax: 99999
> shadowwarning: 7
> shadowinactive: -1
> shadowexpire: -1
> shadowflag: 1
> uidnumber: 3103
>
>
> This user gets only ten hours of usage:
>
> dn: uid=norm1,o=hotfecalmatermail.com
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: posixAccount
> objectclass: shadowAccount
> objectclass: inetOrgPerson
> objectclass: mailRecipient
> objectclass: nsLicenseUser
> givenname: Lawrence
> sn: 555.555.1212
> uid: norm
> maildeliveryoption: mailbox
> mail: norm ser @hotfecalmatermail.com
> nslicensedfor: mail
> cn: NORMAL_USER
> cn: user with no name
> cn: TEN_HOUR_PLAN
> telephonenumber: 555.555.1212
> title: hockey
> mailhost: mail11.hotfecalmatermail.com
> gidnumber: 60001
> homedirectory: /var/mail
> shadowlastchange: 11250
> shadowmin: 0
> shadowmax: 99999
> shadowwarning: 7
> shadowinactive: -1
> shadowexpire: -1
> shadowflag: 1
> uidnumber: 3103
>
> Thanks.
>
> Lance Miller
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
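
Added example, not part of the original thread and not FreeRADIUS code: a small audit over LDIF user entries that reports which pool each user would land in under the scheme in the reply, and flags static addresses, missing pools and misspelled pool names. The attribute names and the 255.255.255.254 value are taken from the reply; the sample entries, the KNOWN_POOLS set and all function names are constructed for illustration.

```python
import re
NAS_ASSIGNED = "255.255.255.254"   # reply's value meaning "NAS assigns the IP"
KNOWN_POOLS = {"email", "full"}    # assumed to match the pool names on the NAS

# Constructed sample entries, trimmed to the attributes that matter here.
SAMPLE_LDIF = """\
dn: uid=mailonly,o=example
uid: mailonly
radiusFramedIPAddress: 255.255.255.254
radiusReplyItem: Framed-Pool := email

dn: uid=static,o=example
uid: static
radiusFramedIPAddress: 123.123.123.123

dn: uid=typo,o=example
uid: typo
radiusFramedIPAddress: 255.255.255.254
radiusReplyItem: Framed-Pool := emial
"""

# "Attribute op value" as stored in radiusReplyItem, e.g. "Framed-Pool := email"
REPLY_ITEM = re.compile(r"^\s*([\w-]+)\s*(:=|\+=|==|=)\s*(.+?)\s*$")

def parse_ldif(text):
    """Return one {lowercased attr: [values]} dict per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def classify(entry):
    """Say how this entry would be addressed under the scheme in the reply."""
    ip = entry.get("radiusframedipaddress", [None])[0]
    pools = [m.group(3) for m in map(REPLY_ITEM.match, entry.get("radiusreplyitem", []))
             if m and m.group(1).lower() == "framed-pool"]
    if ip is not None and ip != NAS_ASSIGNED:
        return "static:" + ip          # a fixed address, so no pool is consulted
    if len(pools) != 1:
        return "no-pool" if not pools else "conflicting-pools"
    if pools[0] not in KNOWN_POOLS:
        return "unknown-pool:" + pools[0]   # e.g. a typo the NAS cannot resolve
    return "pool:" + pools[0]

def audit(text=SAMPLE_LDIF):
    return {e["uid"][0]: classify(e) for e in parse_ldif(text)}
```

Run audit() over an ldapsearch export before rollout; any result other than "pool:..." for a user who should be pool-assigned needs a look.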