ldap groups + freeradius
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Tue Mar 13 10:11:53 CET 2007
Hi,
> I have 4 NAS-IP-Addresses.
>
> My users are split into 6 groups (some are in multiple
> groups): public, faculty, staff, student, vpn, and admin.
>
> I would like the users to get access to the NAS by virtue of
> being in a group.
>
> 192.168.1.1
>     admin
> 192.168.1.2
>     vpn
> 192.168.1.3 & 192.168.1.4
>     faculty, staff, student & public

To make a group of NASes, use the huntgroup file, for instance:

firstnas	NAS-IP-Address == 192.168.1.1
...
lastnas		NAS-IP-Address == 192.168.1.3
lastnas		NAS-IP-Address == 192.168.1.4

Then define your LDAP server in radiusd.conf.

Then use the users file to make your rules, such as:

DEFAULT	Huntgroup-Name == firstnas, Ldap-Group == admin
	Reply-Message = "XXX",
	Fall-Through = no

For more info see:
/usr/share/doc/freeradius/rlm_ldap
/usr/share/doc/freeradius/ldap_howto.txt
HTH,
Thibault
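
The scheme described in this reply, written out for all four NASes and six groups from the question, as an added example that is not part of the original post. The huntgroup names (adminnas, vpnnas, usernas) and the reply message are made up for illustration, and the closing reject entry is an addition that assumes users would otherwise be authenticated against LDAP regardless of group.

```text
# --- huntgroups (read by the preprocess module) ---
# Huntgroup names are hypothetical; the addresses come from the question.
adminnas	NAS-IP-Address == 192.168.1.1
vpnnas		NAS-IP-Address == 192.168.1.2
usernas		NAS-IP-Address == 192.168.1.3
usernas		NAS-IP-Address == 192.168.1.4

# --- users (read by the files module) ---
# Entries are tried top to bottom; Fall-Through = no stops at the first match.
# Ldap-Group needs the ldap module configured in radiusd.conf, and
# Huntgroup-Name needs preprocess listed before files in the authorize section.

DEFAULT	Huntgroup-Name == "adminnas", Ldap-Group == "admin"
	Fall-Through = no

DEFAULT	Huntgroup-Name == "vpnnas", Ldap-Group == "vpn"
	Fall-Through = no

# Check items on one line are ANDed, so "member of any of these groups"
# is written as one entry per permitted group.
DEFAULT	Huntgroup-Name == "usernas", Ldap-Group == "faculty"
	Fall-Through = no

DEFAULT	Huntgroup-Name == "usernas", Ldap-Group == "staff"
	Fall-Through = no

DEFAULT	Huntgroup-Name == "usernas", Ldap-Group == "student"
	Fall-Through = no

DEFAULT	Huntgroup-Name == "usernas", Ldap-Group == "public"
	Fall-Through = no

# Catch-all (assumption: without it, a request that matched none of the
# entries above is not refused here and can still pass LDAP authentication).
# Also covers any NAS that is not listed in huntgroups.
DEFAULT	Auth-Type := Reject
	Reply-Message = "Not authorised for this NAS"
```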