grouping services - LDAP
Dusty Doris
freeradius at mail.doris.cc
Wed Jul 20 15:18:25 CEST 2005
On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:
> Hi all,
>
> Using Freeradius 1.0.4 (FB 4.11)
>
>
> I want to grouping between dialup & adsl... refer to users file below by
> if if Ldap-Group ==ADSL is found, should authenticate/authorize by
> "ldapadsl" and if not found, assuming dialup user and should
> authenticate/authorize by "ldap1/ldap2" (DIALUP)
>
> But the problem, referring to debug log.. doesn't matter whether
> Ldap-Group=ADSL is found or not, it still check at both ldap1/ldap2 &
> ldapadsl i.e checking "adslAccess & dialAcess" atttribute.
>
> What i want is that.. If Ldap-Group ==ADSL is found, it should be
> handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when
> not found, it will be handled by "ldap1/ldap2" and not checking
> "ldapadsl"
>
>
> anyone can help.?? thanks
Try using Autz Type as well, there is some documentation on it in the doc
dir.
It might look something like this.
DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL
DEFAULT Autz-Type := LDAP, Auth-Type := LDAP
#############################
authorize {
Autz-Type LDAP {
redundant {
ldap1
ldap2
}
}
Autz-Type ADSL {
ldapadsl
}
}
More information about the Freeradius-Users
mailing list