On Wed, 12 Jun 2002, Adi Linden wrote:
> > > - Authenticate user by doing a bind to the LDAP server using the users
> > > username and password
> >
> > Yes
>
> Ok, got that going.
>
> > > - Get the daily timelimit amount for the user from LDAP and apply that
> > > daily limit
> >
> > Yes
>
> I am assuming this is done with rlm_count. How can I retrieve the
> timelimit from ldap and use it in radius?
counter {
filename = ${raddbdir}/db.counter
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
^^^^^^^^^^^^^^^^^^^^^^^^
allowed-servicetype = Framed-User
cache-size = 5000
}
Add an attribute like radiusMaxDailySession in your ldap schema (and in the
radiusprofile aobjectclass). Also add it in ldap.attrmap like:
checkItem Max-Daily-Session radiusMaxDailySession
Then you can just set it to whatever value you wish for each user.
>
> > > - I have 2 pools of ip addresses with different access on the terminal
> > > server. I need to somehow assign users to one of the pools using an
> > > LDAP attribute
> >
> > Yes. Just create two user profiles and assign each user to one of them. Add a
> > Framed-Pool or Cisco-AVPair := "ip:addr-pool=mypoolname" in each profile and you
> > are ok.
>
> How do I retrieve the pool information from ldap? Can I keep the poolname
> in an attribute such as knetRadiusPool? Where do I define the pool and
> associated ip addresses?
You could either use the radiusReplyItem like this:
radiusReplyitem: Cisco-AVPair := "ip:addr-pool=mypoolname"
or create your own attribute which you should add to the radiusprofile
objectclass and ldap.attrmap.
You define the pool inside your nas.
>
> Thanks,
> Adi
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html