> >
> > ldap {
> > access_attr = "objectClass"
> ^^^^^^^^^^^^^
> Huh?
I was able to make this work if I just put "dialupAccess: yes" in the LDAP
record, and use 'access_attr = "dialupAccess"' in radius.conf. However,
the above entry really did work. I want to authorize and authenticate any
user that has an LDAP entry.
>
> > authorize {
> > ldap
> > }
>
> You need to add the files module in the authorize section
Can you elaborate? The files module seems to be needed only if your users'
information is in some flat files. All of my users' information is in LDAP.
>
> >
> > authenticate {
> > Auth-Type LDAP {
> > ldap
> > }
> > }
>
> And you don't have anything else than ldap defined in your authentication
> section either.
Again, why would I need anything else? All users' info is in LDAP. I would
like to be able to authorize and authenticate users in LDAP without a
password, but rather just by the fact that there is an LDAP record. Here are
some typical LDAP records; perhaps they need more information? I am using
this to configure a DSL aggregation device where we have bridged and routed
customers. They will have unique 'cn's as soon as I can make these two
work.

dn: cn=bridged,ou=dsl,dc=speakeasy,dc=net
cn: bridged
objectClass: radiusprofile
dialupAccess: yes
radiusFramedIPAddress: 216.254.0.26
radiusFramedIPNetmask: 255.255.255.0

dn: cn=routed,ou=dsl,dc=speakeasy,dc=net
cn: routed
objectClass: radiusprofile
dialupAccess: yes
radiusFramedRoute: 66.92.0.0/255.255.255.0