Authenticating user with FDS

Phil Mayers p.mayers at
Tue Jul 11 16:09:12 CEST 2006

Hariharan R wrote:
> Hi all,
>  I am using FreeRADIUS1.1.1 with Fedora Directory server as a backend 
> data store.
>  Let us consider the scenario..
>  I have two servers, one is a mail server and another one is a proxy 
> server. Both servers are configured to use RADIUS+FDS for user 
> authentication. In FDS i have two organizational unit under root domain.
> For Ex;
>  ou=mailusers,dc=example,dc=com
>  ou=proxyusers,dc=example,dc=com
>  In the 'raddb/radiusd.conf' file i specified the base domain as
>  (In LDAP module)
>  basedn = "dc=example,dc=com"
>  So whenever a client request comes to the RADIUS server it will look 
> for the username in FDS.
>  The problem is, how the RADIUS will identify that whether the request 
> is comes from the 'mail server' or from the 'proxy server'. Because for 
> mailserver users i have to look in the "ou=mailusers,dc=example,dc=com" 
> and for proxy users i have to look in the 
> "ou=proxyusers,dc=example,dc=com".

Try this:


mail	NAS-IP-Address == the.mail.server.ip
proxy	NAS-IP-Address == the.proxy.server.ip


modules {
  ldap {
   basedn = "ou=%{Huntgroup-Name},dc=example,dc=com"

> How i can change the LDAP basedn according to the request.

Use any string expansion you like, as above.

More information about the Freeradius-Users mailing list