Framed IP address

David Hláčik david at hlacik.eu
Sun Apr 6 14:55:53 CEST 2008


Thanks Ivan!

Can I understand it to mean that my group structure in LDAP is okay, and that I
only need to add those to the users file and it will work?

D.

2008/4/5 Ivan Kalik <tnt at kalik.net>:

> DEFAULT   Ldap-Group == "GroupLetters", Pool-Name := letters
>
> DEFAULT   Ldap-Group == "GroupNumbers", Pool-Name := numbers
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 5/4/2008, "David Hláčik" <david at hlacik.eu> wrote:
>
> >Hi,
> >
> >I will describe what I am trying to achieve.
> >
> >This is my sample LDAP structure:
> >
> >users (inetOrgPerson):
> >
> >cn=User1,ou=Users,o=Polarion
> >cn=User2,ou=Users,o=Polarion
> >cn=UserA,ou=Users,o=Polarion
> >cn=UserB,ou=Users,o=Polarion
> >
> >groups (GroupOfNames):
> >
> >cn=GroupNumbers,ou=Groups,o=Polarion
> >      member=cn=User1,ou=Users,o=Polarion
> >      member=cn=User2,ou=Users,o=Polarion
> >
> >cn=GroupLetters,ou=Groups,o=Polarion
> >      member=cn=UserA,ou=Users,o=Polarion
> >      member=cn=UserB,ou=Users,o=Polarion
> >
> >I want to be able to assign a different Pool-Name per group:
> >
> >for GroupNumbers Pool-Name number
> >for GroupLetters Pool-Name letters
> >
> >How can I achieve this without adding any attribute to the user entry? (Users
> >have access to their DN, so they will be able to change it - this is what I
> >want to block! I know I can set read-only access in slapd.conf, but this is
> >not what I want.)
> >
> >1) One scenario I was thinking of is to add this to the users file in RADIUS:
> >
> >DEFAULT Pool-Name == numbers, Ldap-Group == cn=GroupNumbers,ou=Groups,o=Polarion
> >  Fall-Through = no
> >
> >DEFAULT NAS-Port-Type == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
> >  Fall-Through = no
> >
> >But what do I need to add to the LDAP configuration part in order to make it
> >work?
> >
> >Thanks very very much for help!
> >
> >Regards,
> >
> >David
> >On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <tnt at kalik.net> wrote:
> >
> >> >So if I understand clearly, I need to name and configure the IP pool parts in
> >> >radius.conf and then use this name as a Pool-Name in LDAP?
> >>
> >> Yes.
> >>
> >> >Is there a
> >> >chance to specify range directly in LDAP and not in ip pool?
> >> >
> >>
> >> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
> >> on the NAS and select them with Framed-Pool if your NAS supports it.
> >> Cisco doesn't but you can set IP pool with avpairs.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>  -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
>
>
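
A simplified model of what the two users-file entries in the reply above do, as an added example that is not part of the original thread and is not FreeRADIUS code: the pool is chosen from groupOfNames membership only, so attributes a user writes into their own entry never influence it. The directory is a constructed copy of the sample tree; the function names, the DN normalisation and the `GROUP_BASE` restriction are assumptions of this example.

```python
import re

GROUP_BASE = "ou=Groups,o=Polarion"  # assumption: groups are looked up only here
USERS = "ou=Users,o=Polarion"
# Constructed copy of the thread's sample tree, keyed by DN.
DIRECTORY = {
    f"cn=UserA,{USERS}": {"objectClass": ["inetOrgPerson"]},
    f"cn=User1,{USERS}": {"objectClass": ["inetOrgPerson"]},
    "cn=GroupNumbers,ou=Groups,o=Polarion": {
        "objectClass": ["groupOfNames"], "cn": ["GroupNumbers"],
        "member": [f"cn=User1,{USERS}", f"cn=User2,{USERS}"]},
    "cn=GroupLetters,ou=Groups,o=Polarion": {
        "objectClass": ["groupOfNames"], "cn": ["GroupLetters"],
        "member": [f"cn=UserA,{USERS}", f"cn=UserB,{USERS}"]},
}

# The two users-file entries from the quoted reply.
USERS_FILE = '''
DEFAULT   Ldap-Group == "GroupLetters", Pool-Name := letters
DEFAULT   Ldap-Group == "GroupNumbers", Pool-Name := numbers
'''
RULE = re.compile(
    r'DEFAULT\s+Ldap-Group\s*==\s*"([^"]+)"\s*,\s*Pool-Name\s*:=\s*(\S+)$')

def norm(dn):
    """Compare DNs case-insensitively, ignoring spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_of(directory, user_dn):
    """cn of every groupOfNames entry under GROUP_BASE listing user_dn as member."""
    found = set()
    for dn, attrs in directory.items():
        in_base = norm(dn).endswith("," + norm(GROUP_BASE))
        if in_base and "groupOfNames" in attrs.get("objectClass", []):
            if norm(user_dn) in {norm(m) for m in attrs.get("member", [])}:
                found.update(attrs.get("cn", []))
    return found

def pool_for(directory, user_dn, users_file=USERS_FILE):
    """The first users-file entry whose Ldap-Group matches sets Pool-Name."""
    member_of = groups_of(directory, user_dn)
    for line in filter(None, map(str.strip, users_file.splitlines())):
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unsupported users-file line: {line!r}")
        if m.group(1) in member_of:
            return m.group(2)
    return None  # user is in no listed group, so no Pool-Name is set
```
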