On 31.12.2011 10:56, Christian Kölpin wrote:
I'm stuck while testing with LDAP and Radius. I got Radius to work
with user authorisation against LDAP and authentication against
Kerberos. Even if I set a "simple" membership check in ./modules/ldap,
it works fine.

My problem is, I have several NAS (some APs, switches, VPN servers).
Depending on the NAS, a different group membership should be checked. For
example, a user with memberships in "wireless" and "office-vpn" should
get access if the request comes from the APs or a specific VPN server.

Can someone give me a hint how to set up such a scenario?

My solution:

users:
DEFAULT Huntgroup-Name == "switches", Ldap-Group == "coolguys"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-ID = "1337"

huntgroups:
# Switch XY
all             NAS-IP-Address == X.Y.Z.131, NAS-Port >= 1,NAS-Port <= 30
coolguys    NAS-IP-Address == X.Y.Z.131, NAS-Port >= 31,NAS-Port <= 40



--
Jens Weibler
IT-Services

Hochschule Darmstadt
www.h-da.de
University of Applied Sciences

Fachbereich Informatik
www.fbi.h-da.de
Schöfferstr. 8b
D-64295 Darmstadt
Tel  +49 6151 16-8425
Fax +49 6151 16-8935
[email protected]
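
The per-NAS group check asked about in this thread, written out for the access points and the VPN server from the question. This is an added example, not part of the original messages: the huntgroup names and the 192.0.2.x addresses are constructed, and it assumes the preprocess module runs before files in the authorize section so that Huntgroup-Name can be matched.

```text
# huntgroups (constructed sample: one huntgroup per class of NAS)
aps     NAS-IP-Address == 192.0.2.10
aps     NAS-IP-Address == 192.0.2.11
vpn     NAS-IP-Address == 192.0.2.20

# users (entries are evaluated top to bottom, first match wins)

# Requests from the access points require membership in "wireless".
DEFAULT Huntgroup-Name == "aps", Ldap-Group == "wireless"
        Fall-Through = No

# Requests from the VPN server require membership in "office-vpn".
DEFAULT Huntgroup-Name == "vpn", Ldap-Group == "office-vpn"
        Fall-Through = No

# Anything else is rejected: a NAS that is in no huntgroup, or a user
# who lacks the group required for the NAS the request came from.
DEFAULT Auth-Type := Reject
        Reply-Message = "Not authorised for this NAS"
```

The closing reject entry is what enforces the mapping: without it, a request that matches neither pair is not stopped by the users file and is decided by whatever else the server is configured to accept.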

