Re: 3 LDAP questions!

Mon, 25 Oct 2004 06:14:12 -0700 

On Mon, 25 Oct 2004, Ilia Chipitsine wrote:

Dear Sirs,

the questions are:

1) I have samba-3 working with LDAP, objectClass=sambaSamAccount,
  it has attribute: sambaNTPassword, which is exactly the password
  which is needed by MSCHAP, but it is NOT in the form 0x...,

  is it possible to manage freeradius working with that form
  of NT password ?

2) NAS-IP-Address is missing in RADIUS-LDAPv3.schema
  what steps should I take in order to add that attrinute ?
  is it described in some RFC or I just add it to schema and send
  patch back to developers ?

You could just add it and send it back through a bugs report in bugs.freeradius.org


3) how can equivalent of the following users file be implemented with
  LDAP:

chel   Auth-Type := MS-CHAP, NAS-IP-Address == 192.168.201.1
      Service-Type = Framed-User,
      Simultaneous-Use = 1,
      Framed-Protocol = PPP,
      Framed-IP-Address = 192.168.201.2,
      Framed-IP-Netmask = 255.255.255.0,
      Framed-Routing = Broadcast-Listen,
      Framed-Filter-Id = "std.ppp",
      Framed-MTU = 1400,
      Framed-Compression = Van-Jacobson-TCP-IP

chel   Auth-Type := MS-CHAP, NAS-IP-Address == 192.168.202.1
      Service-Type = Framed-User,
      Simultaneous-Use = 1,
      Framed-Protocol = PPP,
      Framed-IP-Address = 192.168.202.2,
      Framed-IP-Netmask = 255.255.255.0,
      Framed-Routing = Broadcast-Listen,
      Framed-Filter-Id = "std.ppp",
      Framed-MTU = 1400,
      Framed-Compression = Van-Jacobson-TCP-IP

so, I need to records for "chel" user depending on NAS-IP-Address they come from.

In ldap you have only *one* record for each user. If you need different Framed-IP-Address attributes for each user depending on the NAS then you need to either:

Create multiple user entries and use a filter to find them:
(&(uid=%u)(nasipaddress=%{NAS-IP-Address}))

Create multiple ldap module instances with different attribute mappings and depending on the NAS select the corresponding instance:

DEFAULT NAS-IP-Address == 192.168.201.1, Autz-Type := ldap1


Cheers,
Ilia Chipitsine


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to