On 31.12.2011 10:56, Christian Kölpin wrote:
I'am stuck while testing with LDAP an Radius. I'am get Radius to work with user authorisation against LDAP and authentication against kerberos. Even if i set a "simple" membership checking in ./modules/ldap it works fine.
My problem is, I have several NAS (Some APs, Switches, VPN-Servers). Depending on the NAS another group-Membership should be checked . For example a user with memberships in "wireless" and "office-vpn" should get access if the request comes from the APs or a specific VPN-Server.
Can someone give me a hint, how to setup such a szenario?
my solution users: DEFAULT Huntgroup-Name == "switches", Ldap-Group == "coolguys" Tunnel-Type = VLAN, Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-ID = "1337" huntgroups: # Switch XY all NAS-IP-Address == X.Y.Z.131, NAS-Port >= 1,NAS-Port <= 30 coolguys NAS-IP-Address == X.Y.Z.131, NAS-Port >= 31,NAS-Port <= 40 -- Jens Weibler IT-Services Hochschule Darmstadt www.h-da.de University of Applied Sciences Fachbereich Informatik www.fbi.h-da.de Schöfferstr. 8b D-64295 Darmstadt Tel +49 6151 16-8425 Fax +49 6151 16-8935 jens.weibler@h-da.de