LDAP groups and attributes
plambrechtsen at gmail.com
Thu Mar 4 05:28:35 CET 2010
The eaist way is as per what I e-mailed to you.
This means you only need to create groups in your LDAP directory. It also
means you don't need to extend the LDAP Schema to do this.
And use the Postauth_users & Host Groups file to determine which server you
are allowed to login from.
I have yet to find a better or easier way to do things.
On Thu, Mar 4, 2010 at 5:19 PM, Jethro Carr <jethro.carr at jethrocarr.com>wrote:
> On Mon, 2010-03-01 at 17:42 -0500, John Dennis wrote:
> > If I understand correctly what you would like to do then check out
> > "profiles" in the ldap_howto.txt. A profile is a way to associate a set
> > of attributes (e.g. the profile) with a user.
> thanks John, Robert and off-listers,
> Looking at the ldap_howto.txt file and the responses I've had it seems
> that I need to:
> 1. Define groups/profiles in LDAP
> 2. Set attributes for the users stating which groups they belong to, eg
> using the radiusGroupName LDAP attribute.
> 3. Map the groups to NASes using huntgroups or users file.
> Going to give it a try and will post back with how I get on. Thanks for
> the help guys. :-)
> > > thanks in advance for any help! :-)
> > >
> > > FreeRadius version is 1.1.3 (RHEL 5 build) if that's important.
> > BTW, you can find a current 2.1.8 build for RHEL 5 by visiting
> > http://wiki.freeradius.org/RedHat_FAQ
> Thanks, but FYI, that page is blank.
> Jethro Carr
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users