Re: howto: radius and ldap group attributes

Tue, 25 May 2004 06:15:23 -0700 

On Tue, 25 May 2004, Michael Schwartzkopff wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> (...)
> > Run radiusd in debug mode to see exactly what's happening. Are you sure you
> > have the files module before the ldap module? If it's the other way around
> > that would explain the VALN id not being read.
>
> Thanks. The location of the files module was the problem. Now I have an
> additional question:
>
> I want to authenticate users and assign VLAN IDs according to their group
> memebership. All should be defined in an LDAP database.
>
> ou=profiles: The VLAN properties of the groups
>
> ou=users: The users
>
> Every user has exact one radiusGroupName which gives the VLAN group
> memebership. The actual VLAN parameters should be taken from the
> uid=vlan<1...20>,ou=profiles,ou=radius,dc=multinet,dc=de
>
> Is this possible to configure in one entry of the users file? Like:
>
> DEFAULT Ldap-Group =~ vlan*, \
>       User-Profile := "uid=%{Ldap-Group},ou=profiles,ou=radius,dc=multinet,dc=de"
>         Reply-Message = "vlan group",
>         Fall-Through = no
>
> Or do I have to configure a separate DEFAULT Ldap-Group entry for every VLAN?
> Is there any better solution ?

You don't need ldap groups for that you can do it with regular profiles (see the
profile_attribute configuration directive)
Something like:

profile_attribute = radiusProfileDN

dn: uid=User1,ou=users,ou=radius,dc=multinet,dc=de
uid: User1
radiusProfileDN: uid=vlan1,ou=profiles,ou=radius,dc=multinet,dc=de

>
> - --
> Dr. Michael Schwartzkopff
> MultiNET Services GmbH
> Bretonischer Ring 7
> 85630 Grasbrunn
>
> Tel: (+49 89) 456 911 - 0
> Fax: (+49 89) 456 911 - 21
> mob: (+49 174) 343 28 75
>
> PGP-ID: 15F925D9CEF94F2C
> Fingerprint: AF27 2674 4631 E230 B431  F68D 15F9 25D9 CEF9 4F2C
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
>
> iD8DBQFAs0R3Ffkl2c75TywRAuF0AJ91rifJMOdUSimX8oOmsS8Bu+8kEQCfSXbU
> oqzmgheih6SVH6wCrX93jZs=
> =sfgy
> -----END PGP SIGNATURE-----
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to