freeRadius/LDAP per NAS access
Alexander Clouter
alex at digriz.org.uk
Mon Mar 7 23:14:04 CET 2011
Guy <guy at britewhite.net> wrote:
>
> I now have FreeRadius granting access and using LDAP for username and
> password information.
>
> My next challenge, using the same Radius and LDAP server I would like
> to grant different users access via different NAS clients.
>
> e.g. in LDAP I would have:
>
> uid=guy
> services: VPN
> services: WiFi
>
> If I have the "services: VPN" then I would be allowed to connect to
> the VPN server and if I don't have that entry in my LDIF then it would
> not be allowed to access.
>
> Any ideas on how to do this, simply?
>
..."Dear Lazyweb" eh? You should really *attempt* to try, or show you
have attempted something,

http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg59481.html
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg62699.html

Now use "%{client:keyword}" in your LDAP xlat search query...

To be honest though, your approach *abuses* LDAP, you should be adding
them to a *group*, not bloating-up and overloading the user object;
otherwise you might as well use something horrible like SQL...

Cheers

--
Alexander Clouter
.sigmonster says: A woman can never be too rich or too thin.
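
The approach described in the reply above, sketched as an added example that is not part of the original post or the FreeRADIUS project's shipped configuration. It assumes FreeRADIUS 2.x with an `ldap` module instance; the `service` keyword, client name, address, secret and base DNs are hypothetical placeholders.

```conf
# clients.conf
# Constructed client entry. "service" is a hypothetical custom keyword;
# it becomes readable in policy as %{client:service}.
client vpn-gw {
    ipaddr  = 192.0.2.10
    secret  = CHANGE_ME
    service = VPN
}

client wifi-ap {
    ipaddr  = 192.0.2.20
    secret  = CHANGE_ME
    service = WiFi
}

# sites-available/default (other authorize modules omitted for brevity)
authorize {
    ldap

    # Variant A: attribute on the user object, as in the question.
    # The ldap xlat returns the requested attribute (uid) when the filter
    # matches and an empty string when it does not.
    if ("%{ldap:ldap:///ou=people,dc=example,dc=com?uid?sub?(&(uid=%{User-Name})(services=%{client:service}))}" == "") {
        reject
    }

    # Variant B: group membership, as the reply recommends. One group per
    # service (cn=VPN, cn=WiFi) under a hypothetical ou=groups, with
    # posixGroup-style memberUid values. Use A or B, not both.
    #
    # if ("%{ldap:ldap:///ou=groups,dc=example,dc=com?cn?sub?(&(cn=%{client:service})(memberUid=%{User-Name}))}" == "") {
    #     reject
    # }
}
```

A client defined without the `service` keyword expands to an empty value, so the search should match nothing and the request is rejected; confirm this fail-closed behaviour in debug mode (`radiusd -X`) before relying on it.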