Authenticating user with FDS
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 11 16:09:12 CEST 2006
Hariharan R wrote:
> Hi all,
>
> I am using FreeRADIUS1.1.1 with Fedora Directory server as a backend
> data store.
>
> Let us consider the scenario..
>
> I have two servers, one is a mail server and another one is a proxy
> server. Both servers are configured to use RADIUS+FDS for user
> authentication. In FDS i have two organizational unit under root domain.
>
> For Ex;
> ou=mailusers,dc=example,dc=com
> ou=proxyusers,dc=example,dc=com
>
> In the 'raddb/radiusd.conf' file i specified the base domain as
> (In LDAP module)
>
> basedn = "dc=example,dc=com"
>
> So whenever a client request comes to the RADIUS server it will look
> for the username in FDS.
>
> The problem is, how the RADIUS will identify that whether the request
> is comes from the 'mail server' or from the 'proxy server'. Because for
> mailserver users i have to look in the "ou=mailusers,dc=example,dc=com"
> and for proxy users i have to look in the
> "ou=proxyusers,dc=example,dc=com".
Try this:
/etc/raddb/huntgroups:
mail NAS-IP-Address == the.mail.server.ip
proxy NAS-IP-Address == the.proxy.server.ip
/etc/radiusd.conf:
modules {
ldap {
basedn = "ou=%{Huntgroup-Name},dc=example,dc=com"
}
}
>
> How i can change the LDAP basedn according to the request.
Use any string expansion you like, as above.
More information about the Freeradius-Users
mailing list