Hello,
I have a question which I'm sure has been answered many times in the list, but I
have been unable to find it.
By default, users are authorized and authenticated through ldap. I have a
default profile that is used to provide the standard Reply-Items for radius.
Therefore, the users need not be altered for authorization.
I want to be able to add an attribute to users who are denied dialup access. I
extended the supplied schema file slightly to include a radiusReplyItem attribute,
and have added this attribute to the ldif:
    radiusReplyItem: Auth-Type := Reject
In debug mode, freeradius reports:
    Tue Jun 18 15:14:04 2002 : Debug: rlm_ldap: looking for reply items in directory...
    Tue Jun 18 15:14:04 2002 : Debug: rlm_ldap: extracted attribute Auth-Type from generic item AuthType := Reject
    Tue Jun 18 15:14:04 2002 : Debug: rlm_ldap: user johnroam authorized to use remote access
I've also set up Packet-Type := Access-Reject, which also reported the same.
I'm guessing I'm actually barking up the wrong tree. Could someone point me
back in the right direction, perhaps towards an example?
Also, one other thing I'll have to set up that I may need help on. In our current
setup, we go off of
    DEFAULT Simultaneous-Use == 1, Called-Station-Id == "8146245132", Ldap-Group == "tollfree"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Idle-Timeout = 900,
        Port-Limit = 1
Instead of a group, I'd like to use an attribute instead.
Cheers,
John
John Hogenmiller, kb3dfz
Systems Administrator, Pennswoods.net
877.716.2002 x 529
---
Anyone could say, "What fantastic and expensive items you have! Oh, how I
wish they were mine!" But I have proven my sincerity by going that extra mile
and actually robbing you blind.