> Add an attribute like radiusMaxDailySession in your ldap schema (and in the
> radiusprofile objectclass). Also add it in ldap.attrmap like:
>
>     checkItem Max-Daily-Session radiusMaxDailySession
>
> Then you can just set it to whatever value you wish for each user.

Great, this is exactly what I'd like to happen.

> > How do I retrieve the pool information from ldap? Can I keep the poolname
> > in an attribute such as knetRadiusPool? Where do I define the pool and
> > associated ip addresses?
> >
>
> You could either use the radiusReplyItem like this:
>
>     radiusReplyitem: Cisco-AVPair := "ip:addr-pool=mypoolname"
>
> or create your own attribute which you should add to the radiusprofile
> objectclass and ldap.attrmap.
> You define the pool inside your nas.

Can I define an attribute to contain the profile a user belongs to and then refer to this attribute value in the users file? "doc/rlm_ldap" has a section:

    USER PROFILE ATTRIBUTE:

    The module can use the User-Profile attribute. If it is set, it will
    assume that it contains the DN of a profile entry containing radius
    attributes. This entry will _replace_ the default profile directive.
    That way we can use different profiles based on checks on the radius
    attributes contained in the Access-Request packets. For example
    (users file):

    DEFAULT Service-Type == Outbound-User, User-Profile := "uid=outbound-dialup,dc=company,dc=com"

I assume that the User-Profile refers to the following line in "radiusd.conf":

    # profile_attribute = "radiusProfileDn"

Will this work if the DN doesn't exist on the ldap server, or can I use any string instead of a valid DN and have this in ldap:

    radiusProfileDn: knetonly

and in users:

    DEFAULT Service-Type == Framed-User, User-Profile == "knetonly"

Thank you for answering my questions. This has been tremendously helpful in getting things going!

Thanks,
Adi
