FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 17, 2005 at 15:47 -0800 wrote: >Can we use Radius/LDAP to do this. >What I was hope we can do is as follow: >everyone will get one user-id/password But for every service we will >create >a boolean attribute. All services, dialup/wireless/vpn/etc will use one >radius server for both Auth(authenticate/authorize). >The question is can FreeRadius(or any radius) be configured to as the >LDAP >for the correct service attribute and give access both base on the >user-id/password and what the value of the services?
Sort of. The best bet is to use the LDAP "posixgroup" objectclass -- then you can force certain radius clients to require a specific group membership. Let me know when you get closer to implementation and I can help you with some config files. -kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html