Thank you to this list! I am posting snips from my "users", "radiusd.conf" and "huntgroup" files that work.

********** huntgroups **********

admin   NAS-IP-Address == 192.168.1.1
        Session-Timeout = 60,
        Idle-Timeout = 30

public  NAS-IP-Address == 192.168.1.2
        NAS-IP-Address == 192.168.1.3,
        Idle-Timeout = 3600

vpn     NAS-IP-Address == 192.168.1.4

********** radiusd.conf **********

<snip>
ldap {
        server = "ldap.example.com"
        port = xxxx
        identity = "cn=proxy,dc=example,dc=com"
        password = itsasecret
        basedn = "ou=People,dc=example,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        groupname_attribute = cn
        groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
        groupmembership_attribute = radiusGroupName
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
<snip>

********** users **********

<snip>
DEFAULT Auth-Type = LDAP
        Fall-Through = yes

DEFAULT Huntgroup-Name == public, Ldap-Group == public
        Reply-Message = "Welcome to the dial-in service",
        Fall-Through = no

DEFAULT Huntgroup-Name == admin, Ldap-Group == admin
        Reply-Message = "Welcome to the admin Termial Server",
        Fall-Through = no

DEFAULT Huntgroup-Name == vpn, Ldap-Group == vpn
        Reply-Message = "Welcome to the VPN Gateway",
        Fall-Through = no

DEFAULT Auth-Type := Reject
        Reply-Message = "You are not authorized to use this service. If you believe you have received this message in error, please contact our Helpdesk."
<snip>

***** user ldap record *****

dn: uid=user1,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: public
radiusGroupName: vpn
radiusGroupName: admin

dn: uid=user2,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: public

dn: uid=user3,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: public
radiusGroupName: vpn

--
Karen R. McArthur <[EMAIL PROTECTED]>
Systems Administrator
Information and Library Services, Bates College
Lewiston, Maine 04240 USA
ph:(207)786-8236 fax:(207)786-6057

>
> RedHat EL 4 (managed through RHN, so latest available versions)
> freeradius-1.0.1-3
> openldap-2.2.13-6
>
> I have 4 NAS-IP-Addresses.
>
> My users are split into 6 groups (some are in multiple groups): public,
> faculty, staff, student, vpn, and admin.
>
> I would like the users to get access to the NAS by virtue of being in a
> group.
>
> 192.168.1.1 > admin
> 192.168.1.2 > vpn
> 192.168.1.3 & 192.168.1.4 > faculty, staff, student & public
>
> What steps do I need to follow to implement this? I have tried many
> combinations in "huntgroups", "users", and "radiusd.conf".
>
> Any directions or urls to documentation would be appreciated.
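
Added example, not part of the original post and not FreeRADIUS code: a small Python model of the authorization logic in the posted "huntgroups" and "users" snippets, useful for checking the resulting user-to-NAS access matrix against what was intended. It assumes the "public" huntgroup entry covers both 192.168.1.2 and 192.168.1.3, and it models only the group check, not the LDAP password check.

```python
# Model of the posted policy (illustrative; not FreeRADIUS code).
# Assumption: the "public" huntgroup entry covers both 192.168.1.2 and .3.
HUNTGROUPS = {
    "192.168.1.1": "admin",
    "192.168.1.2": "public",
    "192.168.1.3": "public",
    "192.168.1.4": "vpn",
}

# radiusGroupName values from the posted LDAP records.
LDAP_GROUPS = {
    "user1": {"public", "vpn", "admin"},
    "user2": {"public"},
    "user3": {"public", "vpn"},
}

# DEFAULT entries from "users", in file order: (Huntgroup-Name, Ldap-Group).
# Each has Fall-Through = no, so the first matching entry ends the search.
RULES = [("public", "public"), ("admin", "admin"), ("vpn", "vpn")]


def authorize(user, nas_ip):
    """Return "Accept" or "Reject" for a user arriving via the given NAS."""
    huntgroup = HUNTGROUPS.get(nas_ip)      # unknown NAS -> None
    groups = LDAP_GROUPS.get(user, set())   # unknown user -> no groups
    for want_hunt, want_group in RULES:
        if huntgroup == want_hunt and want_group in groups:
            return "Accept"
    return "Reject"  # the final DEFAULT Auth-Type := Reject catch-all


def access_matrix():
    """Map every (user, NAS) pair to its decision, for review against intent."""
    return {(u, ip): authorize(u, ip)
            for u in sorted(LDAP_GROUPS) for ip in sorted(HUNTGROUPS)}


if __name__ == "__main__":
    for (user, ip), decision in access_matrix().items():
        print(f"{user:6} {ip:12} {HUNTGROUPS[ip]:7} {decision}")
```

A request from a NAS that is in no huntgroup, or from a user with no radiusGroupName values, falls through every rule and is rejected by the catch-all entry.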