Re: separate NASs authenticating against separate LDAP filters

Tue, 05 Oct 2004 14:26:15 -0700 

On Tue, 5 Oct 2004, Breeze P. Howard wrote:

> Hello,
>
> I searched throught the list archives, but didn't find anything pertaining
> to this issue (or I just didn't search on the correct phrases).
>
> I'm running freeRadius 1.0.1 on RedHat 2.4.21-20.ELsmp (Enterprise ES
> 3.0). I've got it authenticating against my LDAP servers (several
> redundant) and everything is working well.
>
> However, I'd like to configure the radius server to allow separate NAS
> servers to authenticate against separate LDAP filters.  To essentially use
> the radius for several different projects all with different user groups.
>
> Ex.
> NAS1 authenticates against the ldap and only allows users with attribute-A.
> NAS2 authenticates against the same ldap and allows users with attribute-B=X.
> NAS3 authenticates against the same ldaps and allows users with attribute-B=Y.

If you want only the above:

users:

DEFAULT NAS-IP-Address == NAS1, Hint = "attribute-A=*"

DEFAULT NAS-IP-Address == NAS2, Hint = "attribute-B=X"

DEFAULT NAS-IP-Address == NAS3, Hint = "attribute-B=Y"


radiusd.conf:

ldap{
        [...]
        filter = "(&(uid=%u)(%{Hint}))"
}

>
> I'm not sure how this would be possible, but I suspect it involves some
> combination of authorization/authenticate modules each calling different
> ldap modules with different filter attributes.  And then maybe
> huntgroups/users set up to choose a different auth-type for each group?
>
> Am I on the right track? Is there an easier way to do this? Or is this
> something that is not even possible to do with one instance of radiusd?
> and in that case I will need to run several instances of the daemon to
> authenticate these different usergroups?
>
> Thanks in Advance,
> Breeze Howard
>
> ----------------------
> Breeze P. Howard
> [EMAIL PROTECTED]
> (850) 644-2591
> Academic Computing & Networking Services
> Florida State University
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to