On Tue, 18 Jun 2002, John wrote:

> Hello,
>
> I have a question which I'm sure has been answered many times in the list, but I
> have been unable to find it.
>
> By default, users are authorized and authenticated through ldap. I have a
> default profile that is used to provide the standard Reply-Items for radius.
> Therefore, the users need not be altered for authorization.
>
> I want to be able to add an attribute to users who are denied dialup access. I
> extended the supplied schema file slightly to include a radiusReplyItem attribute,
> and have added this attribute to the ldif:
>
> radiusReplyItem: Auth-Type := Reject
>
> In debug mode, freeradius reports:
>
> Tue Jun 18 15:14:04 2002 : Debug: rlm_ldap: looking for reply items in directory...
> Tue Jun 18 15:14:04 2002 : Debug: rlm_ldap: extracted attribute Auth-Type from
> generic item AuthType := Reject
> Tue Jun 18 15:14:04 2002 : Debug: rlm_ldap: user johnroam authorized to use
> remote access
>
> I've also set up Packet-Type := Access-Reject which also reported the same.
>
> I'm guessing I'm actually barking up the wrong tree. Could someone point me
> back in the right direction, perhaps towards an example?

Well, you can _set_ Auth-Type in rlm_ldap, but the actual rejection will take place in the authentication phase. There the Auth-Type will be checked and if it is Reject then the user will be rejected. What you could do is use the access_attribute provision of the ldap module. Read doc/rlm_ldap for more details.

>
> Also, one other thing I'll have to set up that I may need help on. In our current
> setup, we go off of
>
> DEFAULT Simultaneous-Use == 1, Called-Station-Id == "8146245132",
>         Ldap-Group == "tollfree"
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Idle-Timeout = 900,
>         Port-Limit = 1
>
>
> Instead of a group, I'd like to use an attribute instead.

Could you give us an example of what you would like to do?

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
