On Wed, 2007-03-14 at 16:08 -0300, Matt Ashfield wrote:
> Ok, the users file it is! Thanks!
> I guess I was hoping for a link to an example of some sort. Because the user
> who would be given access is not explicitly defined in the users file (the
> user is defined in LDAP), I'm not sure how to set up a rule for that person.
> Thanks again,
You would want to use the special username DEFAULT. (Check the man page
What I did (although this might be slightly hackish) is I took a look
at the attributes in the request that was being sent by the supplicant.
I looked for attributes that were different between the wireless users
and the network equipment users. For example, you might want to do

"admin1" NAS-Port-Type == "Virtual", Auth-Type = LDAP
"admin2" NAS-Port-Type == "Virtual", Auth-Type = LDAP
# This matches everyone else
DEFAULT NAS-Port-Type == "Virtual", Auth-Type := Reject
# This will match all wireless users
DEFAULT NAS-Port-Type == "Wireless-802.11", Auth-Type = LDAP

Of course, this will mean that your network admins will *only* be able
to login via LDAP. You may need to configure some kind of Fall-Through
if you want users to authenticate using some other mechanism in addition
to LDAP. So this is not without its limitations, but this should give
you some ideas to start from.
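An added example, not part of the original message and not FreeRADIUS code: a simplified Python model of top-to-bottom, first-match evaluation of the four entries above, showing which entry decides a given request and why their order matters. The user `bob` and the sample requests are constructed; Fall-Through and the LDAP lookup itself are not modeled.

```python
# Simplified model of how the users file entries above are evaluated:
# entries are tried top to bottom and the first one whose name and
# check item both match decides the Auth-Type. Assumption: no
# Fall-Through, so evaluation stops at the first match.

# (entry name, NAS-Port-Type compared with ==, Auth-Type set on match)
USERS_FILE = [
    ("admin1",  "Virtual",         "LDAP"),
    ("admin2",  "Virtual",         "LDAP"),
    ("DEFAULT", "Virtual",         "Reject"),   # everyone else on Virtual
    ("DEFAULT", "Wireless-802.11", "LDAP"),     # all wireless users
]


def decide(request, entries=USERS_FILE):
    """Return (auth_type, entry_index) of the first matching entry,
    or (None, None) when no entry matches the request."""
    for idx, (name, port_type, auth_type) in enumerate(entries):
        name_ok = name == "DEFAULT" or name == request.get("User-Name")
        # A request without the attribute never satisfies an == check.
        port_ok = request.get("NAS-Port-Type") == port_type
        if name_ok and port_ok:
            return auth_type, idx
    return None, None


# Constructed sample requests (attribute names as in the entries above).
SAMPLES = [
    {"User-Name": "admin1", "NAS-Port-Type": "Virtual"},
    {"User-Name": "bob",    "NAS-Port-Type": "Virtual"},
    {"User-Name": "bob",    "NAS-Port-Type": "Wireless-802.11"},
    {"User-Name": "admin1", "NAS-Port-Type": "Wireless-802.11"},
    {"User-Name": "bob",    "NAS-Port-Type": "Ethernet"},
]

# Same entries with the Virtual reject rule moved to the top: it now
# matches before the per-admin entries are ever reached.
MISORDERED = [USERS_FILE[2], USERS_FILE[0], USERS_FILE[1], USERS_FILE[3]]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "->", decide(req))
    print("misordered:", decide(SAMPLES[0], MISORDERED))
```

A request whose NAS-Port-Type is neither value matches none of these entries, so in this model the users file leaves its Auth-Type unset.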