Authorization according to openLDAP group or attribute?

Mark jensen ngiw2012 at hotmail.com
Sun Aug 3 14:01:52 CEST 2014


I have configured freeradius successfully to authenticate users using IEEE802.1x && openLDAP as a back-end DB.

I have seen that we can add `ldap` to the authorize section like this:

authorize {
  ...
  ldap
  ...
}

and we can forbid some users according to an openLDAP attribute:

authorize {
  ...
  ldap
  if (reply:Eduroam-Enabled != "Y") {
    reject
  }
  ...
}


But what if we want to do authorization like this:

We have multiple web servers:

192.168.1.5
192.168.1.6
192.168.1.7

And we want only some users to have access to the `192.168.1.5` web server. How can we forbid other users from accessing this web server, or restrict this web server to some users, according to an openLDAP attribute or openLDAP group?

Could this be done using the "authorize" section or the "post-auth" section? (Please provide me with links.)

 		 	   		  