20 Apr
2012
20 Apr
'12
8:21 a.m.
Il 04/04/2012 12:49, Andres Septer ha scritto:
OK, I achieved my goal to get freeradius authenticate via mschap challenge-response and authorize via LDAP search. I's working, though, I'm not sure, that I'm doing it right. This "solution" works only with one group (my example, VPNusers). I think it is not expandable to the scenario like:
"authorize user when it belongs to the group VPNusers autohorize user when it comes form IP of some WiFi access point disregarding any groups" Why not setting the group to check membership of in a variable based on the NAS sending the request? Or, maybe, by using huntgroups (not sure... still have to understand 'em fully).
BYtE, Diego.