reject some users from radius - ldap ?
Nicolas Baradakis
nbk at sitadelle.com
Wed Sep 7 12:53:07 CEST 2005
Frank Bonnet wrote:
> I use freeradius with ldap to manage wi-fi users ( thru chillispot )
> everything works well but I would like to know if it is possible
> to exclude some users with radius ?
>
> My purpose is to forbid wi-fi access BUT let use the wired LAN access
> to the considered users.
I'm doing this with MySQL on my site, but perhaps the following
approach may work with LDAP:
1. Define huntgroups "wifi" and "wired" in raddb/huntgroups.
2. In LDAP, provision the attribute "radiusHuntgroupName" with the
values "wifi" or "wired" (or both) in all the "radiusprofile"
entries.
3. In the section ldap{} of raddb/radiusd.conf, modify the filter
like that:
filter = (&(uid=%{User-Name})(radiusHuntgroupName=%{Huntgroup-Name}))
--
Nicolas Baradakis
More information about the Freeradius-Users
mailing list