Hello all,
I will do my best to be brief yet detailed. I have a FreeRADIUS v0.4 server
running and authenticating just dandy against LDAP. Our routers are a mixture
of routable IP address and NAT (10.0.0.0) address assignments. Occasionally a
customer whose local dial-in is NATed wants a real IP address because they
want to use some protocol that just doesn't work over NAT.
I am able to accomplish this via an authorization section using 'files' with
per user entries like:

    nonat Auth-Type := LDAP
        X-Ascend-Assign-IP-Pool = 2

It works, but how hard is it to get FreeRADIUS to grab these attributes out
of LDAP? I am already authenticating via LDAP, but I can't seem to authorize
and pass special RADIUS attributes. I messed around with 'ldap.attrmap' and
made entries like:

    checkItem X-Ascend-Assign-IP-Pool radiusIP-Pool
    checkItem $GENERIC$ radiusCheckItem

I then added these to a user's LDAP entry:

    radiusCheckItem: X-Ascend-Assign-IP-Pool=2
    radiusIP-Pool: 2

in hopes it would happily grab either of those settings and interpret it. It
did not work. I checked that an LDAP search returned the attributes without a
BIND (I limit access to certain attributes) and it returned it happily.
I then looked further into the doc/ directory and found 'RADIUS-LDAP.schema'.
Is it necessary to make all kinds of schema changes to make this work?
I apologize if I am missing any details. I'm really just looking for someone
who might have done something similar and can give me a clue where to start
and how difficult it might be.
I will continue to read documentation in hopes I can figure this beast out on
my own, but I thought I'd throw it out to anyone who might have similar
experiences!
Thanx!
--
[================================]
Steve Tow
Systems Engineer
Vital Support Systems
Email: [EMAIL PROTECTED]
Phone: (515) 334-5700