Multiple switches access + ldap

julio at pop-pe.rnp.br julio at pop-pe.rnp.br
Fri Mar 14 19:53:23 CET 2008


Hello all,

I want to know if this kind of answer by RADIUS is possible:
I need to authenticate some users for the switches in my network (all from
3com), and the users don't have the same access level on all switches. For
example, user1 has admin access level on SWITCH1 and doesn't have access
to SWITCH2, but user2 has admin access to both of them.

I have a working configuration where a user has the same access level for
all switches, and in this way I have an LDAP base like this:
uid = user1
userPassword = teste
3Com-User-Access-Level = 3Com-Administrator

I was thinking about changing the configuration of my LDAP database, creating
a child for each switch that the user has access to and putting the level of
access in this subtree, making the LDAP base 'appear' like this:
         uid = user1
         userPassword = teste
       /                   \
 cn = SWITCH1              cn = SWITCH2             .......
 3com-level = admin        3com-level = level       .......

Is this a good way of doing this? Are there other ways? Using this way,
how can I put the right answer in the RADIUS reply?

Thanks
Julio Andrade



