On Thu, 13 Jun 2002, Michael Fuller wrote: > Hi all, > > Thanks to Kostas Kalevras for the clarification. Will my requirement work on > an OU basis ? I can add the attributes to the administrators on a per user > basis, as there will be only two or three of them.
You don't add the attributes on a per user basis, you just add a pointer to the profile dn and nothing else. > > My dial up users are a different story. I have around 500 users in my > database. > > About 50 of them will not have any restrictions on connect > - A profile without any session limit restrictions > About 300 of them will be allowed to connect only for a limited time per > day - A profile with restrictions on session limit. > The rest of the users will not have any dial up > - A profile that does not permit dial up access. > > I do not think it is practically possible to assign these rights on a per > user basis. How do I assign these three profiles to these three types of > users ? You just add a radiusprofiledn in the ldap entries of all your users pointing to the correct profile dn. For your particular configuration you will only need to do the following: default profile: Normal check/reply items 50 users: No user profile, the default profile will be sufficient 300 users: A user profle pointed by radiusprofiledn that will limit their online time the rest of the users: The rest will not have a dialupaccess attribute in their ldap entry so they will not be allowed dialup access. > > Please help > > Thanks and regards, > Michael Fuller -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
