Guy <guy@britewhite.net> wrote:
I now have FreeRadius granting access and using LDAP for username and password information.
My next challenge, using the same Radius and LDAP server I would like to grant different users access via different NAS clients.
eg in LDAP I would have:
uid=guy services: VPN services: WiFi
If I have the "services: VPN" then I would be allowed to connect to the VPN server and if I don't have that entry in my LDIF then it would not be allowed to access.
Any ideas on how to do this, simply?
..."Dear Lazyweb" eh? You should really *attempt* to try, or show you have attempted something, http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg59481.h... http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg62699.h... Now use "%{client:keyword}" in your LDAP xlat search query... To be honest though, your approach *abuses* LDAP, you should be adding them to a *group*, not bloating-up and overloading the user object; otherwise you might as well use something horrible like SQL... Cheers -- Alexander Clouter .sigmonster says: A woman can never be too rich or too thin.