Re: help groups and LDAP

Thu, 18 Nov 2004 06:35:30 -0800 

Just some words:

It's starting to work, but I found that this is case sensitive:
DEFAULT Ldap-Group == SCEco, Pool-Name := "ScEco_pool"

So If the user get a group ScEco, it won't work..

Am I obliged to activate regular expression and do:
LDAP-Group =~ /sceco/i
?.
Or is there a more efficient way?.

Thanks

dom

Dustin Doris a Ãcrit :

You'll still need to configure the ippool modules and include those in the
accounting section and post-auth section.  Forgot to include that in the
last email.  A radiusd -X will show you exactly what is going on.  If it
doesn't work, please post that to the list will all output.

ie:

accounting {
...
u2labo
u3labo
...
}

post_auth {
...
u2labo
u3labo
...
}

On Wed, 17 Nov 2004, LALOT Dominique wrote:



Thanks,

I have to leave, but the quick and last test I did with your advice,
gave me bad results. See tomorrow..
Using radtest, I don't get any IP, and there is very little doc about
ippool and the way it works.

I suppose that the NAS is completely relying on radius for IP delivery.
I'm wondering what happen in case of the failure of the main radius server.

Dom

Dustin Doris a ïcrit :



Hello all,

I've spent quite a long time trying to understand how freeradius works
and trying to get everything I want working.
I am using Openldap since 2001 and I've no problems to understand LDAP
as I wrote many programs around LDAP. In fact I don't understand how
groups are working under radius.

My aim: I would like to distribute different IP pool for users.

The best for me: In the users DN, we already have an attribute for a
laboratory, ie u2labo
I would like to say:
1. authenticate the user in ldap (works ok)
2. Get the attribute u2labo
3 use that value to get the ip range (somewhere even outside ldap
(users)) to distribute the IP.

I've tried many configurations without success. The debugging of ldap
show me just bind successfull without search for  groups. I tried to
add  radiusprofile Objectclass without success. So what  is the meaning
of groups in radius?.
can we say:
user fred  attributes XXX member of group test
group test the rest of attributes.

Could you give me the minimum to set in conf files to get it working?

Thanks

Dom






--
Dominique LALOT IngÃnieur SystÃme RÃseau CISCAM Pole RÃseau
Università de la MÃditerranÃe http://annuaire.univ-mrs.fr/showuser.php?uid=lalot


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to