Hello Marc -
At 18:47 +0100 01/1/22, Marc Langer wrote:
>Hello,
>
>I'd like to deny access to users (i.e. they cannot dial in)
>if a certain attribute in the user's ldap entry has a specific value,
>e.g. "0" or "Reject".
>
>I am using the following radiator config for authentication with LDAP:
>
><Realm hjw>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy LDAP>
> Host x.x.x.x
> BaseDN ou=kunden, o=xxx
> PasswordAttr userpassword
> AuthAttrDef maxtime,Auth-Type,check
> </AuthBy>
></Realm>
>
>As I understand the documentation, an Auth-Type "Reject" should deny
>access to the user. Therefore I use a value of "Reject" in the user's
>"maxtime" attribute, but this does not work.
>
>How can I solve this problem?

You would do something like this:

<Realm hjw>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy LDAP>
        Host x.x.x.x
        BaseDN ou=kunden, o=xxx
        PasswordAttr userpassword
        AuthAttrDef maxtime,GENERIC,check
    </AuthBy>
</Realm>

The "maxtime" field would contain the following string:

    Auth-Type = Reject

for those users you wish to reject.

hth

Hugh
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
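
Added example (not part of the original thread, and not Radiator code): a small audit over an LDIF export that reports which entries carry the "Auth-Type = Reject" check item in "maxtime" and which hold a value that is not in attr = value form. The sample LDIF, the function names and the comma-separated pair format for GENERIC attributes are assumptions made for this sketch.

```python
import re

# Constructed sample LDIF export (not from the thread); DNs are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=kunden,o=xxx
maxtime: Auth-Type = Reject

dn: uid=bob,ou=kunden,o=xxx
maxtime: Reject

dn: uid=carol,ou=kunden,o=xxx
maxtime: Auth-Type=Reject, Simultaneous-Use = 1

dn: uid=dave,ou=kunden,o=xxx
uid: dave
"""

# One "attr = value" item, as in the string shown in the reply.
PAIR = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*(.*?)\s*$')

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry. No line folding or base64."""
    for block in re.split(r'\n\s*\n', text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(':')
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        yield attrs.get('dn', ['?'])[0], attrs

def classify(values):
    """Return 'reject', 'malformed' or 'ok' for one entry's attribute values."""
    status = 'ok'
    for value in values:
        # Assumption: items are comma separated; quoted commas are not handled.
        for item in value.split(','):
            m = PAIR.match(item)
            if not m:
                return 'malformed'  # e.g. a bare "Reject" or "0"
            if m.group(1) == 'Auth-Type' and m.group(2) == 'Reject':
                status = 'reject'
    return status

def audit(ldif_text, attr='maxtime'):
    """Map each DN to its classification for the given LDAP attribute."""
    return {dn: classify(a.get(attr, [])) for dn, a in parse_ldif(ldif_text)}

if __name__ == '__main__':
    for dn, status in audit(SAMPLE_LDIF).items():
        print(f'{status:10} {dn}')
```

Entries reported as "malformed" are the ones to review by hand, since they do not match the string form given in the reply.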