Re: Grouping users and clients
Kostas Kalevras wrote: O/H Giovanni Lovato έγραψε: Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need to create groups of routers and groups of users, granting accesso to certain groups of routers only to certain groups of users. Can we do that using FreeRadius? groups of routers = huntgroups ldap module provides functionality for group handling. Thank you, that is exactly what I mean :) Can I also define huntgroups on LDAP? I see radiusNASIpAddress and radiusHuntgroupName on Radius schema for LDAP. G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: Grouping users and clients
Hi, I want to do the same, but with a sql-Database. Are there schemas for grouping users and devices? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Giovanni Lovato Gesendet: Donnerstag, 24. Mai 2007 10:23 An: FreeRadius users mailing list Betreff: Re: Grouping users and clients Kostas Kalevras wrote: O/H Giovanni Lovato έγραψε: Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need to create groups of routers and groups of users, granting accesso to certain groups of routers only to certain groups of users. Can we do that using FreeRadius? groups of routers = huntgroups ldap module provides functionality for group handling. Thank you, that is exactly what I mean :) Can I also define huntgroups on LDAP? I see radiusNASIpAddress and radiusHuntgroupName on Radius schema for LDAP. G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Grouping users and clients
Groups of users - usergroup table (standard SQL schema) Groups of devices - huntgroups file Ivan Kalik Kalik Informatika ISP Dana 24/5/2007, Rascher, Markus [EMAIL PROTECTED] piše: Hi, I want to do the same, but with a sql-Database. Are there schemas for grouping users and devices? -UrsprĂźngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Giovanni Lovato Gesendet: Donnerstag, 24. Mai 2007 10:23 An: FreeRadius users mailing list Betreff: Re: Grouping users and clients Kostas Kalevras wrote: O/H Giovanni Lovato ÎÎłĎ#65533;ÎąĎ#65533;Îľ: Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need to create groups of routers and groups of users, granting accesso to certain groups of routers only to certain groups of users. Can we do that using FreeRadius? groups of routers = huntgroups ldap module provides functionality for group handling. Thank you, that is exactly what I mean :) Can I also define huntgroups on LDAP? I see radiusNASIpAddress and radiusHuntgroupName on Radius schema for LDAP. G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Grouping users and clients
[EMAIL PROTECTED] wrote: Groups of users - usergroup table (standard SQL schema) Groups of devices - huntgroups file No way to store huntgroups directives on LDAP or SQL? G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: Grouping users and clients
No way to store huntgroups directives on LDAP or SQL? I worked out a sql scheme to store users and their privileges to access certain services. Then i told the radiusd to query a stored procedure on the db, instead of the standard radcheck-table. In the stored procedure i did some queries to find find out if the user should have access to the requested service. I don't know if this is possible in ldap too... I guess not. Greez Markus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: AW: Grouping users and clients
Rascher, Markus wrote: No way to store huntgroups directives on LDAP or SQL? I worked out a sql scheme to store users and their privileges to access certain services. Then i told the radiusd to query a stored procedure on the db, instead of the standard radcheck-table. In the stored procedure i did some queries to find find out if the user should have access to the requested service. I don't know if this is possible in ldap too... I guess not. Or... # cat huntgroups ServiceAClient-IP-Address == 1.2.3.4 SQL-Group == ServiceA and... mysql select * from radius.usergroup limit 1; ++-+---+ | id | UserName| GroupName | ++-+---+ | 65 | [EMAIL PROTECTED] | ServiceA | ++-+---+ and it just works. For LDAP, I think you will need LDAP-Group instead of SQL-Group in the huntgroups file. I'm not sure what it will look like in the LDAP schema, but I am pretty sure others are doing this. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Grouping users and clients
Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need to create groups of routers and groups of users, granting accesso to certain groups of routers only to certain groups of users. Can we do that using FreeRadius? Thank you, G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Grouping users and clients
O/H Giovanni Lovato έγραψε: Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need to create groups of routers and groups of users, granting accesso to certain groups of routers only to certain groups of users. Can we do that using FreeRadius? groups of routers = huntgroups ldap module provides functionality for group handling. Thank you, G.L. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html