Freeradius, Ldap, and static IPs for users.
Terry J Fike Jr
tfike at mtasolutions.com
Fri Oct 7 19:25:35 CEST 2005
Hello All,
I'm trying to figure out how to get a static ip to only show up on a DSL
login, and not a Dial-up. I'm using Freeradius 1.0.1 and OpenLdap
2.1.30. The only changes in the radiusd.conf is to bind to an ip and
port and turn off radutmp and radwtmp
I have a huntgroup for the dial-up that allows me to differentiate
between the dial and dsl based on the radiusGroupName without any
problems. But now i need to be able to let a DSL user with a static ip
be able to log in via dial-up and pull a dynamic ip. Is this possible
and how do i do it (or for that matter, what docs might even point me in
the right direction) i'm not seeing much on this in my searches.
my huntgroups.conf is like this:
dialup NAS-IP-Address == ip of nas device
in my users file i have this:
DEFAULT Ldap-Group == disabled, Auth-Type := Reject
Reply-Message = "Account disabled. Please call the helpdesk."
DEFAULT Huntgroup-Name == dialup, Ldap-Group == dial, User-Profile :=
"uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Ldap-Group == dsl128, User-Profile
:="uid=dsl128,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Ldap-Group == dsl256, User-Profile
:="uid=dsl256,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Ldap-Group == dsl512, User-Profile
:="uid=dsl512,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Ldap-Group == dsl768, User-Profile
:="uid=dsl768,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Ldap-Group == dsl4m, User-Profile
:="uid=dsl4m,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Ldap-Group == dsl8m, User-Profile
:="uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net"
Fall-Through = no
DEFAULT Auth-Type := Reject
Reply-Message = "Please call the helpdesk."
the ldap user i'm testing this all with looks like this:
dn: uid=tfike,ou=People,dc=mtaonline,dc=net
cn: Terry
gecos: Terry,,Fike
gidNumber: 14
homeDirectory: /export/home/tfike
loginShell: /bin/csh
objectClass: posixAccount
objectClass: top
objectClass: radiusprofile
objectClass: shadowAccount
radiusFramedIPAddress: 216.152.176.25
radiusFramedIPNetmask: 255.255.255.255
radiusGroupName: dial
radiusGroupName: dsl4m
shadowLastChange: 13062
uid: tfike
uidNumber: 130
userPassword: temppass
thanks in advance.
--
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
tfike at mtasolutions.com
More information about the Freeradius-Users
mailing list