Re: Using ldap authentication/authorization

Wed, 12 Jun 2002 13:56:12 -0700 

On Wed, 12 Jun 2002, Adi Linden wrote:

> > > - Authenticate user by doing a bind to the LDAP server using the users
> > >   username and password
> >
> > Yes
>
> Ok, got that going.
>
> > > - Get the daily timelimit amount for the user from LDAP and apply that
> > >   daily limit
> >
> > Yes
>
> I am assuming this is done with rlm_count. How can I retrieve the
> timelimit from ldap and use it in radius?

        counter {
                filename = ${raddbdir}/db.counter
                key = User-Name
                count-attribute = Acct-Session-Time
                reset = daily
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                        ^^^^^^^^^^^^^^^^^^^^^^^^
                allowed-servicetype = Framed-User
                cache-size = 5000
        }

Add an attribute like radiusMaxDailySession in your ldap schema (and in the
radiusprofile aobjectclass). Also add it in ldap.attrmap like:

checkItem       Max-Daily-Session               radiusMaxDailySession

Then you can just set it to whatever value you wish for each user.

>
> > > - I have 2 pools of ip addresses with different access on the terminal
> > >   server. I need to somehow assign users to one of the pools using an
> > >   LDAP attribute
> >
> > Yes. Just create two user profiles and assign each user to one of them. Add a
> > Framed-Pool or Cisco-AVPair := "ip:addr-pool=mypoolname" in each profile and you
> > are ok.
>
> How do I retrieve the pool information from ldap? Can I keep the poolname
> in an attribute such as knetRadiusPool? Where do I define the pool and
> associated ip addresses?


You could either use the radiusReplyItem like this:

radiusReplyitem: Cisco-AVPair := "ip:addr-pool=mypoolname"

or create your own attribute which you should add to the radiusprofile
objectclass and ldap.attrmap.
You define the pool inside your nas.

>
> Thanks,
> Adi
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to