AW: AW: Grouping users and clients

Dennis Skinner dskinner at bluefrog.com
Thu May 24 17:16:17 CEST 2007


Rascher, Markus wrote:
>> No way to store huntgroups directives on LDAP or SQL?
> 
> I worked out a SQL scheme to store users and their privileges to access
> certain services.
> Then I told the radiusd to query a stored procedure on the DB, instead
> of the standard radcheck table. In the stored procedure I did some
> queries to find out if the user should have access to the requested
> service.
> I don't know if this is possible in LDAP too... I guess not.

Or...

# cat huntgroups
ServiceA        Client-IP-Address == 1.2.3.4
                SQL-Group == ServiceA

and...

mysql> select * from radius.usergroup limit 1;
+----+---------------------+-----------+
| id | UserName            | GroupName |
+----+---------------------+-----------+
| 65 | username@domain.com | ServiceA  |
+----+---------------------+-----------+

and it just works.

For LDAP, I think you will need LDAP-Group instead of SQL-Group in the
huntgroups file.  I'm not sure what it will look like in the LDAP
schema, but I am pretty sure others are doing this.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
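
The huntgroups entry and usergroup row from the message above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model for auditing which users such an entry admits from which client. It assumes the first line of an entry selects requests and the indented lines restrict them by group; the function names and the second sample row are constructed.

```python
import re

# Constructed sample input: the huntgroups entry and usergroup row from the
# message, plus one extra made-up row for contrast.
HUNTGROUPS = """\
ServiceA        Client-IP-Address == 1.2.3.4
                SQL-Group == ServiceA
"""
USERGROUP = [("username@domain.com", "ServiceA"), ("other@domain.com", "ServiceB")]

PAIR = re.compile(r"([\w-]+)\s*==\s*([^\s,]+)")

def parse_huntgroups(text):
    """Return [(name, match_pairs, restrict_pairs)]; indented lines restrict the entry above."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        pairs = PAIR.findall(line)
        if line[0].isspace():
            if not entries:
                raise ValueError("restriction line before any huntgroup entry")
            entries[-1][2].extend(pairs)
        else:
            entries.append((line.split()[0], pairs, []))
    return entries

def allowed(entries, usergroup, user, client_ip):
    """Assumed model: the first entry whose first line matches the request decides."""
    groups = {g for u, g in usergroup if u == user}
    request = {"Client-IP-Address": client_ip}
    for _name, match, restrict in entries:
        if all(request.get(attr) == val for attr, val in match):
            # Only SQL-Group restrictions are modelled; other attributes never
            # match. An entry with no restriction line admits everyone.
            return not restrict or any(
                attr == "SQL-Group" and val in groups for attr, val in restrict)
    return True  # request matched no huntgroup, so this file does not restrict it

def audit(entries, usergroup):
    """Map each huntgroup name to the sorted users its SQL-Group lines admit."""
    report = {}
    for name, _match, restrict in entries:
        wanted = {val for attr, val in restrict if attr == "SQL-Group"}
        report[name] = sorted({u for u, g in usergroup if g in wanted})
    return report

if __name__ == "__main__":
    print(audit(parse_huntgroups(HUNTGROUPS), USERGROUP))
```

Running the audit against a dump of the real usergroup table shows at a glance who can reach each restricted client, and a huntgroup that maps to an empty list points at a group name mismatch between the file and the table.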


