I commented out the files lines because I kept getting errors. When I looked
up the error on the mailing list, it said the solution was to comment the
line out. Is the rest of the config, as far as autztype, correct?
> On Thu, 20 Feb 2003, Joseph Raviele wrote:
>
> > Thanks for the response, but still no luck. I'm not sure if I'm just
> > exhausted and missing something basic, or just some newbie mistake. I admit
> > I don't understand the whole autztype thing. Here are my files:
> >
> > users:
> > DEFAULT NAS-IP-Address == 10.x.x.x, Autz-Type := VPN_LDAP
> >         Fall-Through = Yes
> >
> > DEFAULT Service-Type == Framed-User
> >         Ascend-Assign-IP-Pool = 1,
> >         Framed-IP-Address = 255.255.255.254,
> >         Framed-MTU = 1524,
> >         Service-Type = Framed-User,
> >         Fall-Through = Yes
> >
> > radiusd.conf:
> > [omitted]
> >
> > ldap VPN_LDAP {
> >         server = "ldap.mydomain.com"
> >         basedn = "o=mydomian.com"
> >         filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
> >
> > ldap Dial_LDAP {
> >         server = "ldap.mydomain.com"
> >         basedn = "o=mydomain.com"
> >         filter = "(uid=%u)"
> > [omitted]
> > authorize {
> >         autztype VPN_LDAP {
> >                 VPN_LDAP
> >         }
> >         autztype Dial_LDAP {
> >                 Dial_LDAP
> >         }
> > }
>
> Do you have the files module in the authorize section?
>
> > [omitted]
> > authenticate {
> >         authtype VPN_LDAP {
> >                 VPN_LDAP
> >         }
> >         authtype Dial_LDAP {
> >                 Dial_LDAP
> >         }
> > }
> >
> > I have tried several combinations to get the autztype to work. The documents
> > I was able to find on it have conflicting info...
> >
> > Thanks again,
> >
> > - joe
> >
> > >
> > > > I am currently running FreeRadius 0.8.1 on RedHat 8.0. I have it working to
> > > > authenticate any user against an iPlanet LDAP server; if the username and
> > > > password are right, it returns an accept and the user is all set. What I
> > > > would like to do is tie our 2 Cisco VPN servers into this using a
> > > > pre-existing LDAP attribute. Any user with the proper name and password gets
> > > > dial in access, but only users with "x121address=yes" (generic pre-existing
> > > > attribute we chose) get VPN access. I have read through the mail list
> > > > archives, searched on the web and tried all of the suggested different ways
> > > > and none of them seem to work. I have tried multiple instances of ldap, one
> > > > with the attribute and one without. I have tried using autz-type. Is it
> > > > possible for someone a little more knowledgeable to point me in the right
> > > > direction? It seems as though it should just work with a few small changes
> > > > to the radiusd.conf and users file. Thanks in advance for your time and
> > > > help.
> > > >
> > > > - Joe
> > >
> > > users file:
> > >
> > > DEFAULT NAS-IP-Address == My.VPN.Server.Ip, Autz-Type := VPN_LDAP
> > >
> > > ldap VPN_LDAP {
> > >         [...]
> > >         filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
> > > }
> > >
> > > blah blah blah
> > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > > >
> > >
> > > --
> > > Kostas Kalevras Network Operations Center
> > > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > > Work Phone: +30 210 7721861
> > > 'Go back to the shadow' Gandalf
> > >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
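
The access split described in the thread (any valid user may dial in, only entries with x121address=yes get VPN access) comes down to which filter selects the user's entry. The sketch below is an added example, not part of the thread and not FreeRADIUS code: it expands the two quoted filters and evaluates them against a constructed in-memory directory. The helper names, the sample entries and the RFC 4515 escaping step are assumptions of this example.

```python
import re

# Filters copied from the two ldap instances quoted in the thread.
FILTERS = {
    "VPN_LDAP": "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))",
    "Dial_LDAP": "(uid=%u)",
}

# Constructed sample directory (not real data).
DIRECTORY = [
    {"uid": "alice", "x121address": "yes"},
    {"uid": "bob"},
]

def escape(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, request):
    """Expand %u and %{A:-%{B}} (use A, fall back to B when A is unset)."""
    def sub(m):
        if m.group(0) == "%u":
            value = request.get("User-Name", "")
        else:
            value = request.get(m.group(1)) or request.get(m.group(2), "")
        return escape(value)
    return re.sub(r"%\{([\w-]+):-%\{([\w-]+)\}\}|%u", sub, template)

def unescape(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate a filter made only of equality terms, optionally AND-ed."""
    terms = re.findall(r"\(([\w-]+)=([^()]*)\)", ldap_filter)
    return bool(terms) and all(entry.get(a) == unescape(v) for a, v in terms)

def authorized(instance, request):
    """True when the expanded filter of `instance` selects a directory entry."""
    ldap_filter = expand(FILTERS[instance], request)
    return any(matches(e, ldap_filter) for e in DIRECTORY)
```
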