Hello,
( radiusd: FreeRADIUS Version 1.0.0-pre3 ) solaris, iplanet directory server 5.2 ...
We are attempting to authenticate multiple users based on which Called-Station-ID or NAS-IP-Address. We would like to dynamically build the LDAP search filter based on the originating source. Is this possible? What I would like to do is set the attribute "userclass" to some value and use the value in the LDAP filter. If this is not possible, how can I authorize multiple sources using unique LDAP search filters?
users file:
DEFAULT Called-Station-ID =~ "8888$|7777$|6666$", Auth-Type := LDAP
        userClass = ourDialup,
        Fall-Through = No

DEFAULT NAS-IP-Address == 192.168.1.150, Auth-Type := LDAP
        userClass = ourWiFi,
        Fall-Through = No

DEFAULT Auth-Type := Reject
        Reply-Message = "UNKNOWN Authentication method"

radiusd.conf:
ldap {
identity = "uid=someuser,ou=site,dc=..."
password = xxxxxxxx
basedn = "ou=site ... t"
filter = "(&(uid=%{User-Name})(userClass=%{userclass}))"
...
}

Debug information showing ldapsearch filter NOT being set.

rlm_ldap: - authorize
rlm_ldap: performing user authorization for test666
radius_xlat: '(&(uid=test666)(userClass=))'
radius_xlat: 'o=cvip.net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
Any help would be greatly appreciated.
Thanks,
Jay
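
The per-source filter selection described in the post, as an added illustration in Python (not part of the original message and not FreeRADIUS code or configuration). It maps the request's source to a userClass using the values from the users file above, escapes substituted values per RFC 4515, and returns no filter when no class matched instead of producing the empty (userClass=) clause seen in the debug output. All function names are hypothetical.

```python
import re

# Source-to-class rules mirroring the users file in the post (values from the post).
DIALUP_CALLED_ID = re.compile(r"8888$|7777$|6666$")
WIFI_NAS_IP = "192.168.1.150"


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            # Filter metacharacters become a backslash plus two hex digits.
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def class_for_source(called_station_id, nas_ip_address):
    """Return the userClass for the originating source, or None if unknown."""
    if called_station_id and DIALUP_CALLED_ID.search(called_station_id):
        return "ourDialup"
    if nas_ip_address == WIFI_NAS_IP:
        return "ourWiFi"
    return None


def build_filter(user_name, called_station_id=None, nas_ip_address=None):
    """Build the per-source filter, or return None so the caller rejects.

    Failing closed here avoids sending a filter with an empty
    userClass clause to the directory.
    """
    user_class = class_for_source(called_station_id, nas_ip_address)
    if not user_name or user_class is None:
        return None
    return "(&(uid=%s)(userClass=%s))" % (
        escape_filter_value(user_name),
        escape_filter_value(user_class),
    )
```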

