Well if you are talking about actually grouping users then that is different from what you typed originally. Based on your original request a person [EMAIL PROTECTED] will be rejected unless you have them defined in LDAP. Now your new request talks about group membership. In that context you will need two things. One a group membership definition in LDAP based on the attribute defined in radiusd.conf. And a DEFAULT record in the user file to tell freeradius what to do with it.
This should satisfy your need. Gene -----Original Message----- From: Owen DeLong [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 8:10 PM To: [EMAIL PROTECTED] Subject: RE: Group Membership jury-rigging OK... I think we're talking about two different things. At this point, the request is going to come in to ask "Is [EMAIL PROTECTED] a member of group blazo?". There's not going to be a password or any authentication information in this first request. Assuming RADIUS says "Yes", the device will get the user name and password and respond with an authentication request with username and password. Owen --On Thursday, July 10, 2003 20:03 -0400 Gene Parks <[EMAIL PROTECTED]> wrote: > It does that by default. It is looking specifically for the realm if > you setup radiusd.conf to do that. It will reject anything it doesn't > find. > > Gene > > -----Original Message----- > From: Owen DeLong [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 10, 2003 4:54 PM > To: [EMAIL PROTECTED] > Subject: Group Membership jury-rigging > > > I have an application where I have a device that will be doing group > membership queries against my radius server looking for members in > a group called "foo" of the form "[EMAIL PROTECTED]". Is there any way > to jury rig radius such that it will: > > Only permit @blah.zorp and reject any other @foo.blah. > > Take user from [EMAIL PROTECTED] and look it up in LDAP. > > Return True if user is found and fals if usre is not found. > > If anyone has any handy config examples for how to accomplish this, > I'd be _VERY_ appreciative. > > Thanks, > > Owen > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
