On Thu, 20 Feb 2003, Joseph Raviele wrote:

> Thanks for the response, but still no luck. I'm not sure if I'm just
> exhausted and missing something basic, or just some newbie mistake. I admit
> I don't understand the whole autztype thing. Here are my files:
>
> users:
> DEFAULT NAS-IP-Address == 10.x.x.x, Autz-Type := VPN_LDAP
>         Fall-Through = Yes
>
> DEFAULT Service-Type == Framed-User
>         Ascend-Assign-IP-Pool = 1,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-MTU = 1524,
>         Service-Type = Framed-User,
>         Fall-Through = Yes
>
> radiusd.conf:
> [omitted]
>
> ldap VPN_LDAP {
>                 server = "ldap.mydomain.com"
>                 basedn = "o=mydomian.com"
>                 filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
>
> ldap Dial_LDAP {
>                 server = "ldap.mydomain.com"
>                 basedn = "o=mydomain.com"
>                 filter = "(uid=%u)"
> [omitted]
> authorize {
>         autztype VPN_LDAP {
>                 VPN_LDAP
>         }
>         autztype Dial_LDAP {
>                 Dial_LDAP
>         }
> }

Do you have the files module in the authorize section?

> [omitted]
> authenticate {
>         authtype VPN_LDAP {
>                 VPN_LDAP
>         }
>         authtype Dial_LDAP {
>                 Dial_LDAP
>         }
> }
>
> I have tried several combinations to get the autztype to work. The documents
> I was able to find on it have conflicting info...
>
> Thanks again,
>
> - joe
>
> >
> > > I am currently running FreeRadius 0.8.1 on RedHat 8.0. I have it working
> > > to authenticate any user against an iPlanet LDAP server, if the username
> > > and password are right it returns an accept and the user is all set. What
> > > I would like to do is tie our 2 Cisco VPN servers into this using a
> > > pre-existing LDAP attribute. Any user with the proper name and password
> > > gets dial in access, but only users with "x121address=yes" (generic
> > > pre-existing attribute we chose) get VPN access. I have read through the
> > > mail list archives, searched on the web and tried all of the suggested
> > > different ways and none of them seem to work. I have tried multiple
> > > instances of ldap, one with the attribute and one without. I have tried
> > > using autz-type. Is it possible for someone a little more knowledgeable to
> > > point me in the right direction? It seems as though it should just work
> > > with a few small changes to the radiusd.conf and users file. Thanks in
> > > advance for your time and help.
> > >
> > > - Joe
> >
> > users file:
> >
> > DEFAULT NAS-IP-Address == My.VPN.Server.Ip, Autz-Type := VPN_LDAP
> >
> > ldap VPN_LDAP {
> > [...]
> > filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
> > }
> >
> > blah blah blah
> >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> > >
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
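
Added example (not part of the original thread and not FreeRADIUS code): a simplified Python model of the authorize pass, assuming the top-level modules run first and the autztype block named by Autz-Type runs afterwards. The directory entries, the NAS address and all function names are constructed for illustration.

```python
# Simplified model of the authorize pass (an assumption, not FreeRADIUS code).
# Constructed directory entries standing in for the LDAP server.
DIRECTORY = [
    {"uid": "alice", "x121address": "yes"},   # allowed on the VPN
    {"uid": "bob"},                           # dial-in only
]
VPN_NAS = "10.0.0.1"  # constructed placeholder for the VPN server address


def files_module(request):
    """users file: DEFAULT NAS-IP-Address == <VPN server>, Autz-Type := VPN_LDAP"""
    if request.get("NAS-IP-Address") == VPN_NAS:
        request["Autz-Type"] = "VPN_LDAP"


def ldap_instance(required):
    """Build an ldap instance whose filter is (uid=<name>) plus `required`."""
    def module(request):
        # %{Stripped-User-Name:-%{User-Name}}: prefer the stripped name.
        uid = request.get("Stripped-User-Name") or request["User-Name"]
        for entry in DIRECTORY:
            if entry.get("uid") == uid and all(
                entry.get(attr) == value for attr, value in required.items()
            ):
                return "ok"
        return "notfound"
    return module


AUTZTYPE_BLOCKS = {
    "VPN_LDAP": ldap_instance({"x121address": "yes"}),
    "Dial_LDAP": ldap_instance({}),
}


def authorize(request, top_level_modules):
    """Run the top-level modules, then the autztype block named by Autz-Type."""
    request = dict(request)
    for module in top_level_modules:
        module(request)
    chosen = request.get("Autz-Type")
    if chosen is None:
        return None, "no autztype block ran"
    return chosen, AUTZTYPE_BLOCKS[chosen](request)


if __name__ == "__main__":
    for name in ("alice", "bob"):
        req = {"User-Name": name, "NAS-IP-Address": VPN_NAS}
        print(name, authorize(req, [files_module]), authorize(req, []))
```

With the files step in the list, the VPN_LDAP filter decides per user; with an empty list, Autz-Type is never set and neither block is selected.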
