> Does someone have a good howto on setting up Radius to make use of an LDAP
> group? I read the ldap docs at freeradius.org and that seemed like
> overkill. I just want to have a group and put the user in the group to give
> them access.

Say you have two groups, one that has access to dial and one that has access to adsl. Some users can be in both groups. You have a NAS from 1.1.1.1 for dial and 2.2.2.2 for adsl.

-dialonly user
dn: uid=dialuser,ou=radius,dc=yourdomain,dc=com
objectclass: radiusprofile
uid: dialuser
userpassword: somepass
radiusgroupname: dial

-adslonly user
dn: uid=adsluser,...
objectclass: radiusprofile
uid: adsluser
userpassword: pass
radiusgroupname: adsl

-adsl and dial user
dn: uid=both,...
objectclass: radiusprofile
uid: both
userpassword: pass
radiusgroupname: dial
radiusgroupname: adsl

In your users file

DEFAULT NAS-IP-Address == 1.1.1.1, Ldap-Group == dial
DEFAULT NAS-IP-Address == 2.2.2.2, Ldap-Group == adsl
DEFAULT Auth-Type := Reject

Packet comes from dial NAS, checks to see if user has radiusgroupname dial, if so it will match and then authenticate the user. User doesn't have dial, it will fall-through to Reject.

Packet comes from adsl NAS, checks to see if user has radiusgroupname adsl, ...

Hope that helps,
Dusty Doris
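
The matching described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model that parses the three LDAP entries and the three users-file lines, then applies first-match evaluation. The DNs for adsluser and both (elided in the post) are assumed to share dialuser's base, passwords are left out, and the function names and result strings are made up for this illustration.

```python
# Simplified model of the users-file matching above; constructed sample data, not FreeRADIUS code.
LDIF = """\
dn: uid=dialuser,ou=radius,dc=yourdomain,dc=com
uid: dialuser
radiusgroupname: dial

dn: uid=adsluser,ou=radius,dc=yourdomain,dc=com
uid: adsluser
radiusgroupname: adsl

dn: uid=both,ou=radius,dc=yourdomain,dc=com
uid: both
radiusgroupname: dial
radiusgroupname: adsl
"""
USERS = """\
DEFAULT NAS-IP-Address == 1.1.1.1, Ldap-Group == dial
DEFAULT NAS-IP-Address == 2.2.2.2, Ldap-Group == adsl
DEFAULT Auth-Type := Reject
"""

def parse_ldif(text):
    """Map each uid to its set of radiusgroupname values."""
    groups = {}
    for block in text.strip().split("\n\n"):
        attrs = [line.split(": ", 1) for line in block.splitlines()]
        uid = next(v for k, v in attrs if k == "uid")
        groups[uid] = {v for k, v in attrs if k == "radiusgroupname"}
    return groups

def parse_users(text):
    """Split each entry into check items (==) and set items (:=), in file order."""
    entries = []
    for line in text.strip().splitlines():
        checks, sets = {}, {}
        for item in line.split(None, 1)[1].split(","):
            attr, op, value = item.split()
            (checks if op == "==" else sets)[attr] = value
        entries.append((checks, sets))
    return entries

GROUPS, ENTRIES = parse_ldif(LDIF), parse_users(USERS)

def decide(uid, nas_ip):
    """First entry whose check items all match wins; an unknown uid has no groups."""
    for checks, sets in ENTRIES:
        group = checks.get("Ldap-Group")
        if checks.get("NAS-IP-Address", nas_ip) == nas_ip and (
                group is None or group in GROUPS.get(uid, set())):
            return "reject" if sets.get("Auth-Type") == "Reject" else "check password"
    return "no match"
```

A request from a NAS address that neither of the first two entries names, or for a uid with no LDAP entry, also ends at the final DEFAULT and is rejected, which is why that catch-all line has to stay last.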

