> Hello and Happy new Year, > > here is my prob, hope someone can help me. > I use freeradius to authenticate users against MS Active directory. Most of > my users obtain their Ips from ippool within radius, but some should obtain > their Address from AD. Who do i get the Address out of the AD and can assign > it to my user? > > Regards > > Markus >
Find the ldap attribute in AD with their IP address and netmask. Lets say its msipaddr and msipmask. Edit ldap.attrmap and point the correct radius attributes to the correct ad ldap attributes. eg replyItem Framed-IP-Address msipaddr replyItem Framed-IP-Netmask msipmask In your ippool configuration, make sure you have the following override = no Restart radius. Now when the user is authorized it will search for reply items. It will look for msipaddr and msipmask and make those values the framed-ip-address and framed-ip-netmask. The override = no, will tell rlm_ippool not to override those values. So, if those are already set, then rlm_ippool won't give that user an IP. -Dusty Doris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
