Freeradius, Ldap, and static IPs for users.

Terry J Fike Jr tfike at mtasolutions.com
Fri Oct 7 19:25:35 CEST 2005


Hello All,

I'm trying to figure out how to get a static IP to only show up on a DSL 
login, and not a dial-up.  I'm using Freeradius 1.0.1 and OpenLdap 
2.1.30.  The only changes in the radiusd.conf are to bind to an IP and 
port and turn off radutmp and radwtmp.

I have a huntgroup for the dial-up that allows me to differentiate 
between the dial and DSL based on the radiusGroupName without any 
problems.  But now I need to be able to let a DSL user with a static IP 
log in via dial-up and pull a dynamic IP.  Is this possible, 
and how do I do it (or for that matter, what docs might even point me in 
the right direction)?  I'm not seeing much on this in my searches.

my huntgroups.conf is like this:
dialup         NAS-IP-Address == ip of nas device

in my users file I have this:
DEFAULT Ldap-Group == disabled, Auth-Type := Reject
         Reply-Message = "Account disabled.  Please call the helpdesk."

DEFAULT Huntgroup-Name == dialup, Ldap-Group == dial, User-Profile := "uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Ldap-Group == dsl128, User-Profile := "uid=dsl128,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Ldap-Group == dsl256, User-Profile := "uid=dsl256,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Ldap-Group == dsl512, User-Profile := "uid=dsl512,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Ldap-Group == dsl768, User-Profile := "uid=dsl768,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Ldap-Group == dsl4m, User-Profile := "uid=dsl4m,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Ldap-Group == dsl8m, User-Profile := "uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net"
         Fall-Through = no

DEFAULT Auth-Type := Reject
         Reply-Message = "Please call the helpdesk."

the LDAP user I'm testing this all with looks like this:
dn: uid=tfike,ou=People,dc=mtaonline,dc=net
cn: Terry
gecos: Terry,,Fike
gidNumber: 14
homeDirectory: /export/home/tfike
loginShell: /bin/csh
objectClass: posixAccount
objectClass: top
objectClass: radiusprofile
objectClass: shadowAccount
radiusFramedIPAddress: 216.152.176.25
radiusFramedIPNetmask: 255.255.255.255
radiusGroupName: dial
radiusGroupName: dsl4m
shadowLastChange: 13062
uid: tfike
uidNumber: 130
userPassword: temppass

thanks in advance.
-- 
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
tfike at mtasolutions.com


