Hi Alan, Thank you for your help, it's up and running now, I do have a few follow up questions to try and see if I can make changes to the configuration a bit more simple. Is there a way to refer to the client shortname in the sites-enabled/default authorize section, so I only need to have the IP in one place? or even better is there a way I can group clients so I can test on the group in sites-enabled/default authorize section? .. so the only place the IP exists is in the clients.conf, and then I can group them, so I only have one if / elsif statement per company? clients.conf client 1.1.1.1 { secret = mysecret shortname = CompanyA_client1 } client 2.2.2.2 { secret = mysecret shortname = CompanyA_client2 } huntgroups file CompanyGroupA CompanyA_client1 CompanyGroupA CompanyA_client2 sites-enabled/default if (CompanyGroupA == Packet-Src-IP-Address) { ldap_companyA elseif (CompanyGroupB == Packet-Src-IP-Address) { ldap_companyB } So to setup a new radius client for a customer I would only have to add the radius client, and add that radius client to the company's clients group?
Frank Skovboel wrote:
Where would I place this (what file under which section?), and do I need to do some thing special to make sure it does not try to authenticate the user?
In the "authorize" section. Look at raddb/sites-available/default. There are examples of using the "ldap" module.
Where can I read about the response codes that I can expect on "found user" and "user not found" ?
$ man unlang
"else proxy it" is that about using update control ?
Yes.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Thank you, Frank