You'll still need to configure the ippool modules and include those in the
accounting section and post-auth section. Forgot to include that in the
last email. A radiusd -X will show you exactly what is going on. If it
doesn't work, please post that to the list will all output.
ie:
accounting {
...
u2labo
u3labo
...
}
post_auth {
...
u2labo
u3labo
...
}
On Wed, 17 Nov 2004, LALOT Dominique wrote:
> Thanks,
>
> I have to leave, but the quick and last test I did with your advice,
> gave me bad results. See tomorrow..
> Using radtest, I don't get any IP, and there is very little doc about
> ippool and the way it works.
>
> I suppose that the NAS is completely relying on radius for IP delivery.
> I'm wondering what happen in case of the failure of the main radius server.
>
> Dom
>
> Dustin Doris a écrit :
>
> >>Hello all,
> >>
> >>I've spent quite a long time trying to understand how freeradius works
> >>and trying to get everything I want working.
> >>I am using Openldap since 2001 and I've no problems to understand LDAP
> >>as I wrote many programs around LDAP. In fact I don't understand how
> >>groups are working under radius.
> >>
> >>My aim: I would like to distribute different IP pool for users.
> >>
> >>The best for me: In the users DN, we already have an attribute for a
> >>laboratory, ie u2labo
> >>I would like to say:
> >>1. authenticate the user in ldap (works ok)
> >>2. Get the attribute u2labo
> >>3 use that value to get the ip range (somewhere even outside ldap
> >>(users)) to distribute the IP.
> >>
> >>I've tried many configurations without success. The debugging of ldap
> >>show me just bind successfull without search for groups. I tried to
> >>add radiusprofile Objectclass without success. So what is the meaning
> >>of groups in radius?.
> >>can we say:
> >>user fred attributes XXX member of group test
> >>group test the rest of attributes.
> >>
> >>Could you give me the minimum to set in conf files to get it working?
> >>
> >>Thanks
> >>
> >>Dom
> >>
> >>
> >>
> >
> >You can modify the groupname attribute to be the lab attribute and then
> >use that to hand out the pools.
> >
> >So in radiusd.conf in the ldap section, change groupname_attribute to
> >groupname_attribute = laboratory (or whatever that attribute name is)
> >
> >Then you create an ippool config for each lab. Say you have one called
> >u2labo and one called u3labo.
> >
> >ipppol u2labo {
> > configure this...
> >}
> >
> >ipppol u3labo {
> > configure this...
> >}
> >
> >Then in the users file, you add something like this
> >
> >DEFAULT Ldap-Group == u2labo, Pool-Name := "u2labo"
> > Fall-Through = no
> >
> >DEFAULT Ldap-Group == u3labo, Pool-Name := "u3labo"
> > Fall-Through = no
> >
> >
> >I think that should do it.
> >
> >-Dusty Doris
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> >
> >
> >
>
> --
> Dominique LALOT
> Ingénieur Système Réseau CISCAM Pole Réseau
> Université de la Méditerranée
> http://annuaire.univ-mrs.fr/showuser.php?uid=lalot
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
