Authenticating user with FDS

Phil Mayers p.mayers at imperial.ac.uk
Tue Jul 11 16:09:12 CEST 2006


Hariharan R wrote:
> Hi all,
> 
>  I am using FreeRADIUS 1.1.1 with Fedora Directory Server as a backend 
> data store.
> 
>  Let us consider the scenario..
> 
>  I have two servers: one is a mail server and the other is a proxy 
> server. Both servers are configured to use RADIUS+FDS for user 
> authentication. In FDS I have two organizational units under the root domain.
> 
> For example:
>  ou=mailusers,dc=example,dc=com
>  ou=proxyusers,dc=example,dc=com
> 
>  In the 'raddb/radiusd.conf' file I specified the base domain as
>  (In LDAP module)
> 
>  basedn = "dc=example,dc=com"
> 
>  So whenever a client request comes to the RADIUS server it will look 
> for the username in FDS.
> 
>  The problem is, how will RADIUS identify whether the request 
> comes from the 'mail server' or from the 'proxy server'? Because for 
> mail server users I have to look in "ou=mailusers,dc=example,dc=com" 
> and for proxy users I have to look in 
> "ou=proxyusers,dc=example,dc=com".

Try this:

/etc/raddb/huntgroups:

# huntgroup names must match the OU names for the basedn expansion below
mailusers	NAS-IP-Address == the.mail.server.ip
proxyusers	NAS-IP-Address == the.proxy.server.ip

/etc/radiusd.conf:

modules {
  ldap {
   basedn = "ou=%{Huntgroup-Name},dc=example,dc=com"
  }
}

> 
> How can I change the LDAP basedn according to the request?

Use any string expansion you like, as above.
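
Added example, not part of the original thread and not FreeRADIUS code: a Python model of the huntgroup lookup and basedn expansion suggested above, which refuses the request when the NAS matches no huntgroup instead of searching under an empty ou=. The 192.0.2.x addresses, the function names, the huntgroup names (chosen to match the OU names in the question) and the empty-string expansion of an unset attribute are assumptions.

```python
import ipaddress
import re

# Constructed sample data: documentation-range IPs stand in for the
# the.mail.server.ip / the.proxy.server.ip placeholders in the reply.
HUNTGROUPS = """\
mailusers   NAS-IP-Address == 192.0.2.10
proxyusers  NAS-IP-Address == 192.0.2.20
"""
BASEDN_TEMPLATE = "ou=%{Huntgroup-Name},dc=example,dc=com"


def parse_huntgroups(text):
    """Return {NAS address: huntgroup name} from 'name NAS-IP-Address == ip' lines."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"(\S+)\s+NAS-IP-Address\s*==\s*(\S+)", line)
        if m is None:
            raise ValueError(f"unsupported huntgroups line: {line!r}")
        table[ipaddress.ip_address(m.group(2))] = m.group(1)
    return table


def basedn_for(request, table, template=BASEDN_TEMPLATE):
    """Expand the basedn for one request, or return None to fail closed."""
    try:
        nas = ipaddress.ip_address(request.get("NAS-IP-Address", ""))
    except ValueError:
        return None
    group = table.get(nas)
    # Assumption: an unset Huntgroup-Name expands to "", giving
    # "ou=,dc=example,dc=com"; refuse the request instead of searching there.
    # The allowlist also keeps DN metacharacters (, = +) out of the base DN.
    if group is None or not re.fullmatch(r"[A-Za-z0-9_-]+", group):
        return None
    return template.replace("%{Huntgroup-Name}", group)


if __name__ == "__main__":
    table = parse_huntgroups(HUNTGROUPS)
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(ip, "->", basedn_for({"NAS-IP-Address": ip}, table))
```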


