Thanks for the response, but still no luck. I'm not sure if I'm just
exhausted and missing something basic, or just some newbie mistake. I admit
I don't understand the whole autztype thing. Here are my files:
users:

DEFAULT NAS-IP-Address == 10.x.x.x, Autz-Type := VPN_LDAP
        Fall-Through = Yes

DEFAULT Service-Type == Framed-User
        Ascend-Assign-IP-Pool = 1,
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 1524,
        Service-Type = Framed-User,
        Fall-Through = Yes

radiusd.conf:

[omitted]
ldap VPN_LDAP {
        server = "ldap.mydomain.com"
        basedn = "o=mydomian.com"
        filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
ldap Dial_LDAP {
        server = "ldap.mydomain.com"
        basedn = "o=mydomain.com"
        filter = "(uid=%u)"
[omitted]
authorize {
        autztype VPN_LDAP {
                VPN_LDAP
        }
        autztype Dial_LDAP {
                Dial_LDAP
        }
}
[omitted]
authenticate {
        authtype VPN_LDAP {
                VPN_LDAP
        }
        authtype Dial_LDAP {
                Dial_LDAP
        }
}

I have tried several combinations to get the autztype to work. The documents
I was able to find on it have conflicting info...
Thanks again,
- joe
>
> > I am currently running FreeRadius 0.8.1 on RedHat 8.0. I have it working to
> > authenticate any user against an iPlanet LDAP server, if the username and
> > password are right it returns an accept and the user is all set. What I
> > would like to do is tie our 2 Cisco VPN servers into this using a
> > pre-existing LDAP attribute. Any user with the proper name and password gets
> > dial in access, but only users with "x121address=yes" (generic pre-existing
> > attribute we chose) get VPN access. I have read through the mail list
> > archives, searched on the web and tried all of the suggested different ways
> > and none of them seem to work. I have tried multiple instances of ldap, one
> > with the attribute and one without. I have tried using autz-type. Is it
> > possible for someone a little more knowledgeable to point me in the right
> > direction. It seems as though it should just work with a few small changes
> > to the radiusd.conf and users file. Thanks in advance for your time and
> > help.
> >
> > - Joe
>
> users file:
>
> DEFAULT NAS-IP-Address == My.VPN.Server.Ip, Autz-Type := VPN_LDAP
>
> ldap VPN_LDAP {
> [...]
> filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
> }
>
> blah blah blah
>
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
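
The authorization rule discussed in this thread (any directory user gets dial-in, only users with x121address=yes get VPN), as an added Python model that is not part of the original messages and is not FreeRADIUS code. The NAS addresses and directory entries are constructed, the function names are hypothetical, and only the LDAP filter step is modelled, not the password check.

```python
import re

VPN_NAS = {"10.0.0.5"}  # constructed stand-in for the VPN servers' NAS-IP-Address
DIRECTORY = [           # constructed LDAP entries
    {"uid": "joe", "x121address": "yes"},
    {"uid": "ann"},
]

def escape(value):
    """RFC 4515 escaping so the username stays a literal inside the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape(value):
    """Reverse escape() so a filter value can be compared with an entry value."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def build_filter(request):
    """Choose the filter by NAS, the role Autz-Type plays in the users file.

    The uid models %{Stripped-User-Name:-%{User-Name}}: use the stripped name
    when the request has one, otherwise fall back to User-Name.
    """
    uid = escape(request.get("Stripped-User-Name") or request["User-Name"])
    if request["NAS-IP-Address"] in VPN_NAS:
        return "(&(uid=%s)(x121address=yes))" % uid
    return "(uid=%s)" % uid

def entry_matches(ldap_filter, entry):
    """Evaluate the two filter shapes above: equality terms that must all hold."""
    terms = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", ldap_filter)
    return bool(terms) and all(entry.get(a) == unescape(v) for a, v in terms)

def authorize(request, directory=DIRECTORY):
    """True when some directory entry satisfies the filter chosen for this NAS."""
    ldap_filter = build_filter(request)
    return any(entry_matches(ldap_filter, e) for e in directory)

if __name__ == "__main__":
    for nas in ("10.0.0.5", "10.0.0.9"):
        for user in ("joe", "ann"):
            req = {"User-Name": user, "NAS-IP-Address": nas}
            print(nas, user, build_filter(req), authorize(req))
```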