Message: 1
From: "Michael S. McCollough" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Subject: RE: LDAP Attributes
Date: Mon, 25 Mar 2002 22:10:03 -0500
Reply-To: [EMAIL PROTECTED]

Why don't you use groups?


That is an option I would prefer to use; however, I have not been able to
authorize using groups either.
I tried using the following in my users file.

DEFAULT Group == "dslgroup", Auth-Type := Accept
DEFAULT Auth-Type := REJECT


I am new to RADIUS and LDAP so please excuse my ignorance, but does the
group information have to be in the Access
Request packet received from the NAS? Here is the information I receive from
my NAS.

        User-Name = "testuser2"
        User-Password = "\254\233\3247'\030\233E\200C"\nc\235\013e"
        NAS-IP-Address = 134.135.136.137
        NAS-Identifier = "SMS_TestLab"
        NAS-Port = 3
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Attr-1111621635 = "00d0592a8449"
        NAS-Port-Type = Virtual

If the group information is not present in the Auth Request, can it be
inserted by the RADIUS before querying LDAP?

-----Original Message-----
From: Steve Tolman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 21, 2002 1:25 PM
To: [EMAIL PROTECTED]
Subject: LDAP Attributes


Hello,

I am using FreeRadius 0.5 and need to be able to Authorize users based
on an LDAP attribute. I would like the attribute to be able to have
multiple integer values that would indicate access level, i.e. LDAP
attribute dslaccesslevel = 500, dslaccesslevel = 100. Different users
would be allowed different access rights based on this attribute.

I have not been able to get FreeRadius to Authorize based on this
attribute. Here is a copy of my relevant config files and debug output.

I added the Attribute dslaccesslevel as an integer type in the
dictionary file.

Thanks in advance for any help.


Users File



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html