Freeradius and LDAP with static ips...
Terry J Fike Jr
tfike at mtasolutions.com
Thu Apr 6 00:14:45 CEST 2006
Okay, i have freeradius and ldap talking together quite fine. it doesn't
matter if the nas is a dsl or dial-up, it works correctly (huntgroups,
defaults in the users file...etc)

what i am wondering is: is there a way that, if i have a user with a static
ip for dsl, i can not pull the static ip on the same account with
dialup?

i have group attributes for dsl and dialup, the static ip is associated
with the user in ldap.

below is an example dsl group from ldap and my dial-up group. also, the
user i'm testing with (these are in ldif format).

before moving to ldap all our dsl users were flatfiled in the users file
(yea, i know how bad that is, and it is why i am pushing the move to
ldap). anyways...in order to make this work we just added
NAS-Identifier to the username/password line for authentication on users
with static ips. this forced the system to authenticate via unix
authentication for dial-up. is there a way to do this in ldap without
two trees (one for dsl one for dialup or one for statics, one for normal
users? or ??)

oh...yea...and i'll also put my defaults in from the users file.
the huntgroups just list the NAS-IP-Address (for testing,
255.255.255.255 which i move to whichever group i want to work with as
i'm running radtest locally on the radius server)

thanks in advance
t-
DEFAULT Huntgroup-Name == dial, Ldap-Group == dial, User-Profile := "uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net"
        Fall-Through = no

DEFAULT Huntgroup-Name == dsl, Ldap-Group == dsl8m, User-Profile := "uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net"
        Fall-Through = no
version: 1
# LDIF Export for: uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on April 5, 2006 2:00 pm
# Server: My LDAP Server (10.10.0.46)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
# Entry 1: uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net
dn: uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net
radiusFramedCompression: Van-Jacobson-TCP-IP
radiusPortLimit: 1
radiusFramedMTU: 1500
objectClass: radiusprofile
radiusRateLimitRate: 0
radiusPoliceRate: 0
uid: dial
radiusPoliceBurst: 15000
radiusIdleTimeout: 900
radiusFramedProtocol: PPP
radiusSessionTimeout: 18000
radiusRateLimitBurst: 0
version: 1
# LDIF Export for: uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on April 5, 2006 2:00 pm
# Server: My LDAP Server (10.10.0.46)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
# Entry 1: uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net
dn: uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net
radiusPortLimit: 1
radiusFramedMTU: 1500
objectClass: radiusprofile
radiusRateLimitRate: 8192
radiusPoliceRate: 8192
uid: dsl8m
radiusPoliceBurst: 15000
radiusIdleTimeout: 0
radiusSessionTimeout: 0
radiusFramedRouting: None
radiusRateLimitBurst: 15000
radiusServiceType: Framed-User
version: 1
# LDIF Export for: uid=ftptest99,ou=People,dc=mtaonline,dc=net
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on April 5, 2006 2:01 pm
# Server: My LDAP Server (10.10.0.46)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
# Entry 1: uid=ftptest99,ou=People,dc=mtaonline,dc=net
dn: uid=ftptest99,ou=People,dc=mtaonline,dc=net
mailLocalAddress: ftptest99 at mtaonline.net
sn: Tester
userPassword: {CRYPT}XuO3ko3FEXkV6
loginShell: /bin/sh
uidNumber: 2001
gidNumber: 2001
objectClass: OpenLDAPperson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: radiusprofile
objectClass: inetLocalMailRecipient
objectClass: dcObject
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uid: ftptest99
shadowLastChange: 13014
mailHost: mail.mtaonline.net
mailRoutingAddress: ftptest99 at mtaonline.net
cn: Ftp99 Tester
homeDirectory: /export/home/ftptest99
dc: People.mtaonline.net
radiusFramedIPAddress: 192.168.200.1
radiusFramedIPNetmask: 255.255.255.0
radiusGroupName: dsl8m
radiusGroupName: dial
--
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
tfike at mtasolutions.com
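
Added illustration, not part of the original post and not FreeRADIUS code or configuration: a simplified Python model of the reply merge described above, showing that ftptest99 receives the static Framed-IP-Address under both huntgroups and what gating it to the dsl huntgroup would return. The function names, the static_huntgroups parameter and the user-over-profile precedence are assumptions of this model.

```python
# Added illustration: a simplified model of the reply merge, not FreeRADIUS code.
# Entries are constructed from the LDIF and users-file lines quoted in the post.
ATTRMAP = {  # LDAP attribute -> RADIUS reply attribute
    "radiusFramedIPAddress": "Framed-IP-Address",
    "radiusFramedIPNetmask": "Framed-IP-Netmask",
    "radiusIdleTimeout": "Idle-Timeout",
    "radiusServiceType": "Service-Type",
}
STATIC_ATTRS = {"Framed-IP-Address", "Framed-IP-Netmask"}
# (huntgroup, LDAP group, profile uid), one tuple per DEFAULT entry
DEFAULTS = [("dial", "dial", "dial"), ("dsl", "dsl8m", "dsl8m")]
LDIF = """\
dn: uid=dial,ou=profiles,ou=radius,dc=mtaonline,dc=net
radiusIdleTimeout: 900

dn: uid=dsl8m,ou=profiles,ou=radius,dc=mtaonline,dc=net
radiusServiceType: Framed-User

dn: uid=ftptest99,ou=People,dc=mtaonline,dc=net
radiusFramedIPAddress: 192.168.200.1
radiusFramedIPNetmask: 255.255.255.0
radiusGroupName: dsl8m
radiusGroupName: dial
"""

def parse_ldif(text):
    """Return {uid: {attr: [values]}} for blank-line separated entries."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        entries[attrs["dn"][0].split(",")[0].split("=", 1)[1]] = attrs
    return entries

def to_reply(attrs):
    return {ATTRMAP[k]: v[0] for k, v in attrs.items() if k in ATTRMAP}

def build_reply(entries, user, huntgroup, static_huntgroups=None):
    """Merge profile and user reply items; optionally gate static IP by huntgroup."""
    groups = entries[user].get("radiusGroupName", [])
    for hg, group, profile in DEFAULTS:
        if hg == huntgroup and group in groups:
            reply = {**to_reply(entries[profile]), **to_reply(entries[user])}
            if static_huntgroups is not None and hg not in static_huntgroups:
                reply = {k: v for k, v in reply.items() if k not in STATIC_ATTRS}
            return reply
    return None  # no DEFAULT entry matched in this model
```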