Hello Freerk -
I am not quite sure how you are going to recognise the requests that you show below - are there different NASs servicing each subnet? It is usually the NAS itself that allocates IP addresses.
The only thing you need to do to authenticate logons to NAS equipment is to configure RADIUS authentication. In the Radiator configuration file you will generally want to differentiate between administrative logons and ordinary access requests and there are a variety of ways to do this, including using Handlers like this:
<Handler Service-Type = Admin-User>
# handle NAS logons
<AuthBy LDAP2>
.....
AddToReply Service-Type = Admin-User
....
</AuthBy>
....
</Handler>
<Handler>
# handle ordinary access requests
....
</Handler>
Note that this topic has been discussed on the mailing list previously, so check the archive site too:
www.open.com.au/archives/radiator
regards
Hugh
On Wednesday, Mar 12, 2003, at 08:41 Australia/Melbourne, Freerk Bosscha wrote:
Thanks for reading the question:
If the next are silly questions, I’m sorry, but I would like to have an answer.
I would like to do the following:
Subnet 1.2.3.x / 255.255.255.0 must be validated by ldap and a specific dn
Subnet 1.2.4.x / 255.255.255.0 must be validated by ldap and a specific dn
Subnet 1.2.5.x / 255.255.255.0 must be validated by ldap and a specific dn
Further, what needs to be specified in the .cfg to validate only specific users to log on to the Cisco switch or router itself?
Perhaps I need to add specific attributes to the user-ldap-entry. If so, could you please specify which to use?
Thanks in advance,
Freerk Bosscha
Noordelijke Hogeschool Leeuwarden
The Netherlands
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
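
Added example, not part of the original message and not Radiator code: a simplified Python model of the two decisions discussed above, choosing between the Admin-User handler and the catch-all handler, and choosing an LDAP base DN per subnet. It assumes requests are told apart by NAS-IP-Address and that handlers are tried in configuration order with the first match winning; the DNs and the function names are hypothetical.

```python
import ipaddress

# Constructed mapping: the three subnets from the question, each tied to a
# placeholder base DN (the DNs are hypothetical, not from the thread).
SUBNET_DN = {
    "1.2.3.0/24": "ou=subnet3,dc=example,dc=org",
    "1.2.4.0/24": "ou=subnet4,dc=example,dc=org",
    "1.2.5.0/24": "ou=subnet5,dc=example,dc=org",
}

# Ordered like the configuration in the message: the specific handler first,
# the bare catch-all handler last. An empty check dict matches every request.
HANDLERS = [
    ("nas-logon", {"Service-Type": "Admin-User"}),
    ("ordinary", {}),
]


def select_handler(request):
    """Return the name of the first handler whose check items all match."""
    for name, checks in HANDLERS:
        if all(request.get(k) == v for k, v in checks.items()):
            return name
    return None


def base_dn_for(request):
    """Pick the LDAP base DN from NAS-IP-Address; None means no subnet matched."""
    try:
        nas = ipaddress.ip_address(request.get("NAS-IP-Address", ""))
    except ValueError:
        return None  # attribute missing or not an IP address
    for cidr, dn in SUBNET_DN.items():
        if nas in ipaddress.ip_network(cidr):
            return dn
    return None


def route(request):
    """Combine both decisions; fail closed when the NAS is in no known subnet."""
    dn = base_dn_for(request)
    if dn is None:
        return ("reject", None)
    return (select_handler(request), dn)
```

If the catch-all entry were listed first in HANDLERS, every request would match it and the Admin-User handler would never be reached.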
