> No you can't. Both have to point to valid DN's in your tree. The
> profile_attribute is an attribute contained in the user entry pointing to the
> profile to be applied for the user, while User-Profile contains the profile to
> be applied in special cases instead of the default profile (I use it to
> implement Large Scale Dialout where I don't need the default reply items
> contained in the default profile).
So the profiles are entirely in LDAP then. I wanted to stay away from
extending the LDAP schema on the LDAP server if possible and do as much as
possible in the freeradius configuration.
>From another message on the list I see that it is not possible to group
users by having an attribute such as this either:
knetRadiusGroup: knetonly
In "radiusd.conf" the LDAP attribute would have to associate with the
group somehow and then in "users":
DEFAULT Group == "knetonly"
Are there any solutions I haven't thought of yet?
Thanks,
Adi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
