How to store clients.conf in LDAP?

c0re nr1c0re at gmail.com
Wed Feb 2 09:57:31 CET 2011


Hello freeradius users!

I've configured authentication and authorization via freeradius, which
looks in openldap for users and passwords.

In radius.conf, in the ldap section, I used this filter:
filter = "(&(cn=%{Stripped-User-Name:-%{User-Name}})(description=%{NAS-IP-Address}))"

So I only need to fill the description field with the IP address of a
device to give the user access to that device.

But when I add a new device I always have to edit clients.conf and add
the new IP address and secret. I do not want to use 0.0.0.0 and the same
secret for all devices.

Is it possible to store device secrets in openldap? If yes, please
point me in the right direction.

And maybe it's possible to change the way I give users access to
devices? I mean something like a group
cn=someSwitch,ou=devices,dc=domain,dc=com, where this group has a field
with the IP address of the device and something like "member: user1" or
"memberUid: cn=user1,ou=users,dc=domain,dc=com". I'm a bit confused
about how to implement it...

Thanks in advance for any advice!
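
How the filter quoted in the post resolves for a single request, as an added example that is not part of the original post and is not FreeRADIUS code: a small Python model of the attribute expansion and the AND match. The directory entries, addresses and helper names are constructed for illustration, and the value escaping follows RFC 4515.

```python
import re

# The filter from the post, as written in the ldap section.
FILTER = "(&(cn=%{Stripped-User-Name:-%{User-Name}})(description=%{NAS-IP-Address}))"

# Constructed sample entries: description holds the device IPs a user may reach.
ENTRIES = [
    {"cn": ["user1"], "description": ["192.0.2.10", "192.0.2.11"]},
    {"cn": ["user2"], "description": ["192.0.2.11"]},
]

def ldap_escape(value):
    """Escape RFC 4515 special characters so request data stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, request):
    """Expand %{Attr} and %{Attr:-%{Fallback}} from the request attributes."""
    def repl(m):
        # Use the first attribute if present and non-empty, else the fallback.
        value = request.get(m.group(1)) or request.get(m.group(2) or "", "")
        return ldap_escape(value)
    return re.sub(r"%\{([\w-]+)(?::-%\{([\w-]+)\})?\}", repl, template)

def unescape(value):
    """Turn \\xx escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def authorized(request, entries=ENTRIES):
    """True if one entry satisfies every (attr=value) term of the AND filter."""
    terms = [(a, unescape(v))
             for a, v in re.findall(r"\(([\w-]+)=([^()]*)\)", expand(FILTER, request))]
    return any(
        all(v.lower() in (x.lower() for x in entry.get(a, [])) for a, v in terms)
        for entry in entries
    )

if __name__ == "__main__":
    for user, nas in [("user1", "192.0.2.10"), ("user2", "192.0.2.10")]:
        print(user, nas, authorized({"User-Name": user, "NAS-IP-Address": nas}))
```
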


