On Fri, 21 Feb 2003, Joseph Raviele wrote:

> I commented out the files lines because I kept getting errors. When I looked
> up the error on the mailing list, it said the solution was to comment the
> line out. Is the rest of the config, as far as autztype, correct?

I think so, but you NEED the files module somewhere (in the end) in the
authorize section.

>
>
> > On Thu, 20 Feb 2003, Joseph Raviele wrote:
> >
> > > Thanks for the response, but still no luck. I'm not sure if I'm just
> > > exhausted and missing something basic, or just some newbie mistake. I
> > > admit I don't understand the whole autztype thing. Here are my files:
> > >
> > > users:
> > > DEFAULT NAS-IP-Address == 10.x.x.x, Autz-Type := VPN_LDAP
> > >         Fall-Through = Yes
> > >
> > > DEFAULT Service-Type == Framed-User
> > >         Ascend-Assign-IP-Pool = 1,
> > >         Framed-IP-Address = 255.255.255.254,
> > >         Framed-MTU = 1524,
> > >         Service-Type = Framed-User,
> > >         Fall-Through = Yes
> > >
> > > radiusd.conf:
> > > [omitted]
> > >
> > > ldap VPN_LDAP {
> > >                 server = "ldap.mydomain.com"
> > >                 basedn = "o=mydomian.com"
> > >                 filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
> > >
> > > ldap Dial_LDAP {
> > >                 server = "ldap.mydomain.com"
> > >                 basedn = "o=mydomain.com"
> > >                 filter = "(uid=%u)"
> > > [omitted]
> > > authorize {
> > >         autztype VPN_LDAP {
> > >                 VPN_LDAP
> > >         }
> > >         autztype Dial_LDAP {
> > >                 Dial_LDAP
> > >         }
> > > }
> >
> > Do you have the files module in the authorize section?
> >
> > > [omitted]
> > > authenticate {
> > >         authtype VPN_LDAP {
> > >                 VPN_LDAP
> > >         }
> > >         authtype Dial_LDAP {
> > >                 Dial_LDAP
> > >         }
> > > }
> > >
> > > I have tried several combinations to get the autztype to work. The
> > > documents I was able to find on it have conflicting info...
> > >
> > > Thanks again,
> > >
> > > - joe
> > >
> > > >
> > > > > I am currently running FreeRadius 0.8.1 on RedHat 8.0. I have it
> > > > > working to authenticate any user against an iPlanet LDAP server; if
> > > > > the username and password are right it returns an accept and the
> > > > > user is all set. What I would like to do is tie our 2 Cisco VPN
> > > > > servers into this using a pre-existing LDAP attribute. Any user with
> > > > > the proper name and password gets dial in access, but only users
> > > > > with "x121address=yes" (generic pre-existing attribute we chose) get
> > > > > VPN access. I have read through the mail list archives, searched on
> > > > > the web and tried all of the suggested different ways and none of
> > > > > them seem to work. I have tried multiple instances of ldap, one with
> > > > > the attribute and one without. I have tried using autz-type. Is it
> > > > > possible for someone a little more knowledgeable to point me in the
> > > > > right direction? It seems as though it should just work with a few
> > > > > small changes to the radiusd.conf and users file. Thanks in advance
> > > > > for your time and help.
> > > > >
> > > > > - Joe
> > > >
> > > > users file:
> > > >
> > > > DEFAULT NAS-IP-Address == My.VPN.Server.Ip, Autz-Type := VPN_LDAP
> > > >
> > > > ldap VPN_LDAP {
> > > > [...]
> > > > filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))"
> > > > }
> > > >
> > > > blah blah blah
> > > >
> > > > >
> > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > > > >
> > > >
> > > > --
> > > > Kostas Kalevras Network Operations Center
> > > > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > > > Work Phone: +30 210 7721861
> > > > 'Go back to the shadow' Gandalf
> > > >
> > > >
> > >
> > >
> > >
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> >
>
>
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
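
The setup discussed in this thread, as an added Python model (not part of the original messages and not FreeRADIUS code): it shows how the two quoted filters expand and why no autztype block is selected once the files module is commented out. The NAS address, directory entries, function names and the mapping of every non-VPN request to Dial_LDAP are assumptions made for the example.

```python
import re

# Constructed sample data: the NAS address and directory entries are made up.
# The two filters are the ones quoted in the thread.
VPN_NAS = "10.0.0.1"
FILTERS = {
    "VPN_LDAP": "(&(uid=%{Stripped-User-Name:-%{User-Name}})(x121address=yes))",
    "Dial_LDAP": "(uid=%u)",
}
DIRECTORY = [{"uid": "alice", "x121address": "yes"}, {"uid": "bob"}]

def ldap_escape(value):
    """Hex-escape the RFC 4515 special characters in a filter value."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, request):
    """Expand %u and %{Stripped-User-Name:-%{User-Name}} with escaped values."""
    user = request["User-Name"]
    values = {
        "%{Stripped-User-Name:-%{User-Name}}": request.get("Stripped-User-Name") or user,
        "%u": user,
    }
    pattern = "|".join(re.escape(key) for key in values)
    return re.sub(pattern, lambda m: ldap_escape(values[m.group()]), template)

def pick_autz_type(request, files_enabled=True):
    """Model of the users file: only the files module sets Autz-Type.
    Assumption: requests from any other NAS are mapped to Dial_LDAP."""
    if not files_enabled:
        return None
    return "VPN_LDAP" if request["NAS-IP-Address"] == VPN_NAS else "Dial_LDAP"

def authorize(request, files_enabled=True):
    """Return 'found', 'notfound', or 'no-autz-type' for one request."""
    autz_type = pick_autz_type(request, files_enabled)
    if autz_type is None:
        return "no-autz-type"  # neither autztype block is selected
    flt = expand(FILTERS[autz_type], request)
    # Both filters are plain equality terms, so a flat term match is enough here.
    terms = [(attr, re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), val))
             for attr, val in re.findall(r"\(([\w-]+)=([^()]*)\)", flt)]
    hit = any(all(entry.get(a) == v for a, v in terms) for entry in DIRECTORY)
    return "found" if hit else "notfound"
```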
