Different reply items out of LDAP depending on the NAS

Ivan Kalik tnt at kalik.net
Fri Aug 28 12:38:10 CEST 2009


> I am trying to have a granular based reply items depending on the NAS they
> connected to all driven using attributes in LDAP without needing to use
> realms.
>
> IE User A passes just User&Password to NAS A. and gets reply attr
> "Service-Type=admin", and the admin comes from an LDAP Attribute "nasA"
> attribute in LDAP
> Same user logs into NAS B and gets back a "Service-Type=user" and the
> value user comes from an attribute "nasB".
>
> Looking through the ldap.attrmap it seems to be a static mapping for
> Service-Type to be statically set to a single value from LDAP, but what
> happens if I want that value to be different depending on which NAS I have
> connected from.
>
> Have searched around and haven't found any documents talking about how to
> have this granular level of configuration.

Well, you have custom attributes in LDAP - translate them to custom
attributes in RADIUS (define them first in raddb/dictionary and map them
in ldap.attrmap, let's say nasA to nasA as replyItem, etc.)

Then use unlang to set service type:

if(NAS-IP-Address == NAS A IP) {
     update reply {
          Service-Type = "%{reply:nasA}"
     }
}
elsif(NAS-IP-Address == NAS B IP) {
...

Ivan Kalik
Kalik Informatika ISP
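
The three steps from the reply above, put together as an added example (not part of the original post and not the project's shipped configuration). The attribute numbers 3000/3001, the NAS addresses 192.0.2.10 and 192.0.2.20, and placing the policy in the authorize section after the ldap module are assumptions.

```conf
# --- raddb/dictionary -------------------------------------------------
# Local attributes that hold the per-NAS role read from LDAP.
# Numbers 3000 and 3001 are assumed; use any free local-use numbers.
ATTRIBUTE   nasA    3000    string
ATTRIBUTE   nasB    3001    string

# --- raddb/ldap.attrmap -----------------------------------------------
# Format: ItemType  RADIUS-attribute  LDAP-attribute
replyItem   nasA    nasA
replyItem   nasB    nasB

# --- authorize section, after the ldap module has run -----------------
# The LDAP values must be names the dictionaries define for Service-Type
# (for example Administrative-User or Login-User), otherwise the update
# cannot be parsed.
ldap

# 192.0.2.10 stands in for the address of NAS A (constructed value).
if (NAS-IP-Address == 192.0.2.10) {
    # Only set Service-Type when the user actually has a nasA value,
    # so a missing LDAP attribute never turns into an empty role.
    if (reply:nasA) {
        update reply {
            Service-Type := "%{reply:nasA}"
        }
    }
}
# 192.0.2.20 stands in for the address of NAS B (constructed value).
elsif (NAS-IP-Address == 192.0.2.20) {
    if (reply:nasB) {
        update reply {
            Service-Type := "%{reply:nasB}"
        }
    }
}
# Requests from any other NAS get no Service-Type from this policy.
```

Running the server in debug mode (`radiusd -X`) shows which branch matched and the Service-Type placed in the reply for each NAS.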



