On Tue, Feb 10, 2009 at 1:54 PM, kevin leblanc <kevinzebeste@gmail.com>wrote:
To remember : I want only user1 can access to host1.
To illustrate it: root | ------------------ | | hosts users | | -------- ---------- | | | host1 user1 user2 | | members: | user1
I find a possible way.
in radiusd.conf, I put: groupname_attribute = "cn" group_membership_filter = (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
In the users file, I put: Ldap-Group == "XXXXX" Auth-Type:= LDAP
XXXXX will be the IP/hostname of the host which try to connect.
Is there any variable like %{LDAP-UserDN} which could give me this information ??
thanks for any help
-- KeV
I found the variable %{Client-IP-Address} which gives me host's ip. But is there any way to get the hostname instead of the ip ? By hostname, I mean the real hostname, not this defined in clients.conf with the attribute shortname. Other question, I don't want to store the identity/password attributes in radiusd.conf for security reasons. I tried with the line below in the users file, but that doesn't work : DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com` Any idea ? Thanks -- KeV