Authorize after checking an LDAP attribute value

Kenneth Marshall ktm at rice.edu
Fri Jul 27 21:50:09 CEST 2007


Dear Freeradius users:

I am trying to set up my authentication to allow only users
with a particular value of a particular LDAP attribute to log in.
I am using FreeRADIUS 1.1.7 and I have the authentication
going against Kerberos, but I do not know how to have the
RADIUS server check the value of the attribute before allowing
access. If they are not in the group, it should send back the
reject packet. Does anyone know how to perform a check item
check against a particular LDAP attribute? Here is how I can
set an attribute to the value and it works correctly:

DEFAULT Auth-Type = Kerberos, NAS-IP-Address == 1.2.3.4, NAS-Port == 10
	Connect-Info = "%{ldap:ldap:///dc=test,dc=com?testValue?sub?uid=%u}"

Any suggestions would be appreciated.

Regards,
Ken Marshall


