frammed ip adress

Ivan Kalik tnt at kalik.net
Sat Apr 5 17:29:56 CEST 2008 

DEFAULT   Ldap-Group == "GroupLetters", Pool-Name := letters

DEFAULT   Ldap-Group == "GroupNumbers", Pool-Name := numbers

Ivan Kalik
Kalik Informatika ISP


Dana 5/4/2008, "David Hláčik" <david at hlacik.eu> piše:

>Hi,
>
>i will describe what i am trying to achieve.
>
>This is my sample ldap structure
>
>users (inetOrgPerson) :
>
>
>cn=User1,ou=Users,o=Polarion
>cn=User2,ou=Users,o=Polarion
>cn=UserA,ou=Users,o=Polarion
>cn=UserB,ou=Users,o=Polariong
>groups (GroupOfNames)
>
>cn=GroupNumbers,ou=Groups,o=Polarion
>      member=cn=User1,ou=Users,o=Polarion
>      member=cn=User2,ou=Users,o=Polarion
>
> cn=GroupLetters,ou=Groups,o=Polarion
>      member=cn=UserA,ou=Users,o=Polarion
>      member=cn=UserB,ou=Users,o=Polarion
>
>I want to be able to assign different poll-name per group
>
>for GroupNumbers Pool-Name number
>for GroupLetters Pool-Name letters
>
>How can i achieve this without adding any attribute to user entry? (users
>have access to their dn, so they will be able to change it - this is what i
>want to block! , i know i can set readonly access in slapd.conf, but this is
>not what i want)
>
>1) One scenario i was thinking of is to add in radius to users file :
>
>DEFAULT Pool-Name == numbers, Ldap-Group
>== cn=GroupNumbers,ou=Groups,o=Polarion
>  Fall-Through = no
>
>DEFAULT NAS-Port-Type == letters, Ldap-Group ==
>cn=GroupLetters,ou=Groups,o=Polarion
>  Fall-Through = no
>
>But what i need to add to ldap - configuration part in order to make it
>work?
>
>Thanks very very much for help!
>
>Regards,
>
>David
>On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <tnt at kalik.net> wrote:
>
>> >So if i understand clear a i need to name and configure ip pool parts in
>> >radius.conf and than use this name as a Pool-Name in LDAp P?
>>
>> Yes.
>>
>> >Is there a
>> >chance to specify range directly in LDAP and not in ip pool?
>> >
>>
>> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
>> on the NAS and select them with Framed-Pool if your NAS supports it.
>> Cisco doesn't but you can set IP pool with avpairs.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>  -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>

More information about the Freeradius-Users mailing list