LDAP auth and different use of access_attr

John Keimel jkeimel at bowdoin.edu
Mon Feb 27 19:12:53 CET 2006

I've a FreeRADIUS server (1.0.2, from debian stable) that is set up to 
authenticate users of a VPN into the network.

I've presently got the firewall talking to FreeRADIUS which then talks 
to LDAP and check the existence access_attr: vpntype

If the users profile has the attribute of vpntype in it, they're let in.

What we'd rather do is allow access based on the value of access_attr . 
So rather than just allowing if it exists, we might later pass on some 
extra rights to people in different groups. vpntype: foo    or   
vpntype: bar   vpntype: baz  - whatever those values might be.

Am I looking in the wrong spot for this ? Is access_attr: the right 
place to put such a setting? Or is there someplace else.

I've done some basic searches of the mail archive, but I think my 
barking up the wrong tree may be causing my searches to be too broad. 
Pointers towards fine tuning my search or possibly some threads on 
this, would be welcome.



More information about the Freeradius-Users mailing list