On 28/08/2009, at 10:38 PM, "Ivan Kalik" <[email protected]> wrote:
I am trying to have a granular based reply items depending on the
NAS they
connected to all driven using attributes in LDAP without needing to
use
realms.
IE User A passes just User&Password to NAS A. and gets reply attr
"Service-Type=admin", and the admin comes from an LDAP Attribute
"nasA"
attribute in LDAP
Same user logs into NAS B and gets back a "Service-Type=user" and the
value
user comes from an attribute "nasB".
Looking through the ldap.attrmap it seems to be a static mapping for
Service-Type to be staticly set to a single value from LDAP, but what
happens if I want that value to be different depending on which NAS
I have
connected from.
Have searched around and havn't found any documents talking about
how to
have this grainular level of configuration.
Well, you have custom attributes in Ldap - translate them to custom
attributes in radius (define them first in raddb/dictionary and map
them
in ldap.attrmap, lets say nasA to nasA as replyItem, etc.)
Then use unlang to set service type:
if(NAS-IP-Address == NAS A IP) {
update reply {
Service-Type = "%{reply:nasA}"
}
}
elsif(NAS-IP-Address == NAS B IP) {
...
Ahhh I knew there must be an easy way. This is exactly what I was
looking for. I will have a play and post my results. Or update the wiki.
Many thanks!!
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
