multiple Autz-Type
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jun 5 23:30:47 CEST 2006
wekz wrote:
>
> I don't know if I have explained it correctly; if I haven't, just tell me
> (I'm not an English speaker)

Your English is great.

> My hints file:

Nearly there. Try:

DEFAULT NAS-IP-Address == 192.168.xx.yy, Autz-Type := LDAPx

I'm not sure that'll work in a hints file - so you may need to use a
"users" file - hints puts items into the request pairs, Autz-Type needs
to go into the configure pairs.

Try this:

modules {
    # other stuff
    files filesFirst {
        usersfile = ${confdir}/usersFirst
    }
}
authorize {
    preprocess
    filesFirst
    Autz-Type LDAP1 {
        # stuff here
        ldap1
    }
    # other LDAP modules
}

And in ${confdir}/usersFirst:

DEFAULT NAS-IP-Address == 192.168.51.xx, Autz-Type := LDAP1
DEFAULT NAS-IP-Address == 192.168.51.yy, Autz-Type := LDAP2

...and so on.

The other slightly simpler way might be to use a "passwd" (badly named)
module, e.g.:

modules {
    passwd nas2autz {
        filename = ${confdir}/nas2autz
        format = "*NAS-IP-Address:Autz-Type"
        # set to 0 to read file on every request - slow
        # but instant-updates
        hashsize = 100
    }
}
authorize {
    preprocess
    nas2autz
    Autz-Type LDAP1 {
        ldap1
    }
    # other Autz
}

...and in ${confdir}/nas2autz:

192.168.51.xx:LDAP1
192.168.51.yy:LDAP2

Hope that helps

Phil
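
Added example, not part of the original post and not FreeRADIUS code: a small Python check that every Autz-Type named in a NAS mapping file like the nas2autz one above has a matching Autz-Type section, and that no NAS address is malformed or listed twice. The sample addresses and file contents are constructed, and the regex scan of the config text is a simplifying assumption, not a real radiusd.conf parser.

```python
import ipaddress
import re
# Constructed sample inputs (placeholder addresses, not from the original post).
SAMPLE_MAP = """\
192.168.51.10:LDAP1
192.168.51.11:LDAP3
192.168.51.10:LDAP2
not-an-ip:LDAP1
"""
SAMPLE_CONF = """\
authorize {
    nas2autz
    Autz-Type LDAP1 {
        ldap1
    }
    Autz-Type LDAP2 {
        ldap2
    }
}
"""

def defined_autz_types(conf_text):
    """Names of the 'Autz-Type NAME {' sub-sections found in the config text."""
    return set(re.findall(r"^\s*Autz-Type\s+(\S+)\s*\{", conf_text, re.M))

def check_mapping(map_text, conf_text):
    """Return (line_number, problem) tuples for a NAS -> Autz-Type mapping file."""
    known, seen, problems = defined_autz_types(conf_text), {}, []
    for n, line in enumerate(map_text.splitlines(), 1):
        if not line.strip():
            continue
        # One "NAS-IP-Address:Autz-Type" pair per line, as in the format string.
        nas, sep, autz = line.strip().partition(":")
        if not sep or not autz:
            problems.append((n, "malformed line"))
            continue
        try:
            ipaddress.IPv4Address(nas)
        except ValueError:
            problems.append((n, f"bad NAS-IP-Address {nas!r}"))
            continue
        if nas in seen:
            problems.append((n, f"duplicate NAS {nas} (first on line {seen[nas]})"))
        seen.setdefault(nas, n)
        if autz not in known:
            problems.append((n, f"Autz-Type {autz} has no matching section"))
    return problems

for n, msg in check_mapping(SAMPLE_MAP, SAMPLE_CONF):
    print(f"line {n}: {msg}")
```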