I've a FreeRADIUS server (1.0.2, from debian stable) that is set up to
authenticate users of a VPN into the network.
I've presently got the firewall talking to FreeRADIUS which then talks
to LDAP and check the existence access_attr: vpntype
If the users profile has the attribute of vpntype in it, they're let in.
What we'd rather do is allow access based on the value of access_attr .
So rather than just allowing if it exists, we might later pass on some
extra rights to people in different groups. vpntype: foo or
vpntype: bar vpntype: baz - whatever those values might be.
Am I looking in the wrong spot for this ? Is access_attr: the right
place to put such a setting? Or is there someplace else.
I've done some basic searches of the mail archive, but I think my
barking up the wrong tree may be causing my searches to be too broad.
Pointers towards fine tuning my search or possibly some threads on
this, would be welcome.
Thanks
j
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
