grouping services - LDAP

Dusty Doris freeradius at mail.doris.cc
Wed Jul 20 15:18:25 CEST 2005



On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:

> Hi all,
>
> Using Freeradius 1.0.4 (FB 4.11)
>
>
> I want to group between dialup & adsl... refer to users file below by
> if Ldap-Group ==ADSL is found, should authenticate/authorize by
> "ldapadsl" and if not found, assuming dialup user and should
> authenticate/authorize by "ldap1/ldap2" (DIALUP)
>
> But the problem, referring to debug log.. doesn't matter whether
> Ldap-Group=ADSL is found or not, it still check at both ldap1/ldap2 &
> ldapadsl i.e checking "adslAccess & dialAcess" attribute.
>
> What I want is that.. If Ldap-Group ==ADSL is found, it should be
> handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when
> not found, it will be handled by "ldap1/ldap2" and not checking
> "ldapadsl"
>
>
> anyone can help.?? thanks

Try using Autz-Type as well, there is some documentation on it in the doc
dir.

It might look something like this.

DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL

DEFAULT Autz-Type := LDAP, Auth-Type := LDAP


#############################
authorize {
    Autz-Type LDAP {
        redundant {
            ldap1
            ldap2
        }
    }
    Autz-Type ADSL {
        ldapadsl
    }
}
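
A fuller radiusd.conf sketch of the layout suggested above, added here as an example and not part of the original post or of the FreeRADIUS distribution. It shows the users file being read before the Autz-Type sections and gives both Auth-Type values a handler; the `preprocess` line, the authenticate section and the module instance definitions are assumptions.

```conf
# radiusd.conf fragment (FreeRADIUS 1.x style), constructed for illustration.
# Assumption: the ldap instances ldap1, ldap2 and ldapadsl are already
# defined in the modules { } section.

authorize {
    preprocess      # assumption: kept from the stock authorize section

    # The users file is read first. Its DEFAULT entries compare Ldap-Group
    # and set Autz-Type / Auth-Type. Without Fall-Through, a request that
    # matches the ADSL entry never reaches the second DEFAULT.
    files

    # Only the section named by Autz-Type runs after the lines above.
    Autz-Type LDAP {
        redundant {     # ldap2 is consulted only if ldap1 fails
            ldap1
            ldap2
        }
    }
    Autz-Type ADSL {
        ldapadsl
    }
}

authenticate {
    # Assumption: authentication mirrors the authorize split, so the
    # Auth-Type values set in the users file each have a matching section.
    Auth-Type LDAP {
        redundant {
            ldap1
            ldap2
        }
    }
    Auth-Type ADSL {
        ldapadsl
    }
}
```

Running `radiusd -X` with one ADSL and one dial-up test user shows which modules are called for each request.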


