- Authenticating user with FDS

Hariharan R hariharan at lantana.tenet.res.in
Thu Jul 13 13:59:39 CEST 2006

Yes, that method is working fine.

Thank you very much for your help.

Hariharan R wrote:
> Hi all,
>  I am using FreeRADIUS1.1.1 with Fedora Directory server as a backend
> data store.
>  Let us consider the scenario..
>  I have two servers, one is a mail server and another one is a proxy
> server. Both servers are configured to use RADIUS+FDS for user
> authentication. In FDS i have two organizational unit under root domain.
> For Ex;
>  ou=mailusers,dc=example,dc=com
>  ou=proxyusers,dc=example,dc=com
>  In the 'raddb/radiusd.conf' file i specified the base domain as
>  (In LDAP module)
>  basedn = "dc=example,dc=com"
>  So whenever a client request comes to the RADIUS server it will look
> for the username in FDS.
>  The problem is, how the RADIUS will identify that whether the request
> is comes from the 'mail server' or from the 'proxy server'. Because for
> mailserver users i have to look in the "ou=mailusers,dc=example,dc=com"
> and for proxy users i have to look in the
> "ou=proxyusers,dc=example,dc=com".

Try this:


mail	NAS-IP-Address == the.mail.server.ip
proxy	NAS-IP-Address == the.proxy.server.ip


modules {
   ldap {
    basedn = "ou=%{Huntgroup-Name},dc=example,dc=com"

> How i can change the LDAP basedn according to the request.

Use any string expansion you like, as above.


More information about the Freeradius-Users mailing list