framed IP address

David Hláčik david at hlacik.eu
Sat Apr 5 17:01:42 CEST 2008


Sorry for that mistake in last lines

DEFAULT NAS-Port-Type == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
  Fall-Through = no

*DEFAULT Pool-Name == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
  Fall-Through = no

On Sat, Apr 5, 2008 at 4:38 PM, David Hláčik <david at hlacik.eu> wrote:

> Hi,
>
> I will describe what I am trying to achieve.
>
> This is my sample ldap structure
>
> users (inetOrgPerson):
>
> cn=User1,ou=Users,o=Polarion
> cn=User2,ou=Users,o=Polarion
> cn=UserA,ou=Users,o=Polarion
> cn=UserB,ou=Users,o=Polarion
>
> groups (GroupOfNames)
>
> cn=GroupNumbers,ou=Groups,o=Polarion
>       member=cn=User1,ou=Users,o=Polarion
>       member=cn=User2,ou=Users,o=Polarion
>
>  cn=GroupLetters,ou=Groups,o=Polarion
>       member=cn=UserA,ou=Users,o=Polarion
>       member=cn=UserB,ou=Users,o=Polarion
>
> I want to be able to assign a different Pool-Name per group
>
> for GroupNumbers Pool-Name number
> for GroupLetters Pool-Name letters
>
> How can I achieve this without adding any attribute to the user entry? (Users
> have access to their dn, so they will be able to change it - this is what I
> want to block! I know I can set readonly access in slapd.conf, but this is
> not what I want.)
>
> 1) One scenario I was thinking of is to add to the users file in radius:
>
> DEFAULT Pool-Name == numbers, Ldap-Group == cn=GroupNumbers,ou=Groups,o=Polarion
>   Fall-Through = no
>
> DEFAULT NAS-Port-Type == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
>   Fall-Through = no
>
> But what do I need to add to the ldap configuration part in order to make it
> work?
>
> Thanks very very much for help!
>
> Regards,
>
> David
>   On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <tnt at kalik.net> wrote:
>
> > >So if I understand clearly, I need to name and configure IP pool parts in
> > >radius.conf and then use this name as a Pool-Name in LDAP?
> >
> > Yes.
> >
> > >Is there a
> > >chance to specify range directly in LDAP and not in ip pool?
> > >
> >
> > No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
> > on the NAS and select them with Framed-Pool if your NAS supports it.
> > Cisco doesn't but you can set IP pool with avpairs.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >