grouping services - LDAP

Rohaizam Abu Bakar haizam at myjaring.net
Thu Jul 21 03:32:17 CEST 2005


I've read the doc & do it exactly as suggested and it's working.. 
thanx....!!

--haizam
----- Original Message ----- 
From: "Dusty Doris" <freeradius at mail.doris.cc>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Wednesday, July 20, 2005 21:18
Subject: Re: grouping services - LDAP


>
>
> On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:
>
>> Hi all,
>>
>> Using Freeradius 1.0.4 (FB 4.11)
>>
>>
>> I want to grouping between dialup & adsl... refer to users file below by
>> if if Ldap-Group ==ADSL is found, should authenticate/authorize by
>> "ldapadsl" and if not found, assuming dialup user and should
>> authenticate/authorize by "ldap1/ldap2" (DIALUP)
>>
>> But the problem, referring to debug log.. doesn't matter whether
>> Ldap-Group=ADSL is found or not, it still check at both ldap1/ldap2 &
>> ldapadsl i.e checking "adslAccess & dialAcess" atttribute.
>>
>> What i want is that.. If Ldap-Group ==ADSL is found, it should be
>> handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when
>> not found, it will be handled by "ldap1/ldap2" and not checking
>> "ldapadsl"
>>
>>
>> anyone can help.?? thanks
>
> Try using Autz Type as well, there is some documentation on it in the doc
> dir.
>
> It might look something like this.
>
> DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL
>
> DEFAULT Autz-Type := LDAP, Auth-Type := LDAP
>
>
> #############################
> authorize {
>       Autz-Type LDAP {
>          redundant {
>                 ldap1
>                 ldap2
>         }
>       }
>       Autz-Type ADSL {
>         ldapadsl
>       }
> }
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 





More information about the Freeradius-Users mailing list