Sorry!!!... the formatting was lost when sending the earlier mail.

--
Osvaldo H. Campos Molina
Administrador de Red
STI - Univ. de Chile

--- Begin Message ---
Sorry, but I don't understand very well.

So that you understand our "scenario": we have an LDAP server with users that are all in the same branch. All these users have the attribute "PostOfficeBox". We will use this attribute as the group attribute (i.e., to make the difference between user types). For example, if PostOfficeBox=00000001 then the user belongs to Sales, if PostOfficeBox=00000002 then the user belongs to Marketing.

So, what we need is to assign addresses to VPN users according to the PostOfficeBox value.


My config in the ldap.attrmap is something like this... (Is this what you said??? Is it correct???)
   checkItem    $GENERIC$   radiusCheckItem
   replyItem      $GENERIC$   radiusReplyItem
   checkItem    vpnusers1   PostOfficeBox   # vpnusers1 and vpnusers2 are the ippool
   checkItem    vpnusers2   PostOfficeBox   # PostOfficeBox is the LDAP attribute

In the user file...
DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN1, AUTZ-Type :=LDAPVPN1, Pool-Name :=vpnusers1
DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN2, AUTZ-Type :=LDAPVPN2, Pool-Name :=vpnusers2
   # y.y.y.y= address of VPN Server

In the radius.conf
ldap vpnldap1 {
  server = "x.x.x.x"
  identity = "cn=Directory Manager"
  password = **********
  basedn = "ou=People, dc:blah, dc=cl"
  filter = "(&(uid=%u)(PostOfficeBox=00000001))"
  authtype = ldap
  set_asuth_type = yes
}

ldap vpnldap2 {
  server = "x.x.x.x"
  identity = "cn=Directory Manager"
  password = **********
  basedn = "ou=People, dc:blah, dc=cl"
  filter = "(&(uid=%u)(PostOfficeBox=00000002))"
  authtype = ldap
  set_asuth_type = yes
}
....
authorize {
   files
   Autz-Type LDAPVPN1 {
      vpnldap1
      }
   Autz-Type LDAPVPN2 {
      vpnldap2
      }
}
....
authentication {
   Auth-Type LDAPVPN1 {
      vpnldap1
      }
   Auth-Type LDAPVPN2 {
      vpnldap2
      }
}
....
ippool vpnusers1 {
   range-start    = 10.0.0.10
   range-stop    = 10.0.0.19
   netmask        = 255.255.255.0
   cache-size    = 10
   session-db    = ${raddbdir}/db.vpnusers1-session
   ip-index        = ${raddbdir}/db.vpnusers1-index
   override        = yes
}
ippool vpnusers2 {
   range-start    = 10.0.0.20
   range-stop    = 10.0.0.29
   netmask        = 255.255.255.0
   cache-size    = 10
   session-db    = ${raddbdir}/db.vpnusers2-session
   ip-index        = ${raddbdir}/db.vpnusers2-index
   override        = yes
}

Please help me with that, because I don't know what's wrong in my config.

Thanks so much.

Osvaldo H. Campos Molina
Administrador de Red
STI - Univ. de Chile



--- End Message ---
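
Added example, not part of the original message and not FreeRADIUS code: a Python model of the intended logic, where one PostOfficeBox value selects one address pool and the login name is escaped per RFC 4515 before it is placed in the search filter. The POOLS table, the function names and the sample entries are assumptions built from the values quoted in the message.

```python
import ipaddress

# Constructed from the message: PostOfficeBox value -> (pool name, range-start, range-stop)
POOLS = {
    "00000001": ("vpnusers1", "10.0.0.10", "10.0.0.19"),  # Sales
    "00000002": ("vpnusers2", "10.0.0.20", "10.0.0.29"),  # Marketing
}

# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_filter(username, post_office_box):
    """Build the per-group filter used in the message, with both values escaped."""
    return "(&(uid=%s)(PostOfficeBox=%s))" % (
        escape_filter_value(username),
        escape_filter_value(post_office_box),
    )


def pool_for(entry):
    """Return the pool name for an LDAP entry (attribute -> list of values).

    An entry with no PostOfficeBox, several values, or an unknown value gets
    no pool, so the caller can reject the session instead of guessing."""
    values = entry.get("PostOfficeBox", [])
    if len(values) != 1:
        return None
    pool = POOLS.get(values[0])
    return pool[0] if pool else None


def pool_addresses(pool_name):
    """List every address in the named pool, range-start to range-stop inclusive."""
    for name, start, stop in POOLS.values():
        if name == pool_name:
            first = int(ipaddress.IPv4Address(start))
            last = int(ipaddress.IPv4Address(stop))
            return [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
    raise KeyError(pool_name)


def pools_are_disjoint():
    """True when no address belongs to more than one pool."""
    seen = [a for name, _, _ in POOLS.values() for a in pool_addresses(name)]
    return len(seen) == len(set(seen))
```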