framed ip address

Ivan Kalik tnt at kalik.net
Sun Apr 6 16:26:01 CEST 2008


ldap looks fine to me, but I don't use it.

Ivan Kalik
Kalik Informatika ISP


On 6/4/2008, "David Hláčik" <david at hlacik.eu> wrote:

>Thanks Ivan!
>
>Can I understand it like this: my group structure in LDAP is okay, and there
>is only a need to add those to the users file and it will work?
>
>D.
>
>2008/4/5 Ivan Kalik <tnt at kalik.net>:
>
>> DEFAULT   Ldap-Group == "GroupLetters", Pool-Name := letters
>>
>> DEFAULT   Ldap-Group == "GroupNumbers", Pool-Name := numbers
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> On 5/4/2008, "David Hláčik" <david at hlacik.eu> wrote:
>>
>> >Hi,
>> >
>> >I will describe what I am trying to achieve.
>> >
>> >This is my sample ldap structure
>> >
>> >users (inetOrgPerson) :
>> >
>> >
>> >cn=User1,ou=Users,o=Polarion
>> >cn=User2,ou=Users,o=Polarion
>> >cn=UserA,ou=Users,o=Polarion
>> >cn=UserB,ou=Users,o=Polarion
>> >
>> >groups (GroupOfNames)
>> >
>> >cn=GroupNumbers,ou=Groups,o=Polarion
>> >      member=cn=User1,ou=Users,o=Polarion
>> >      member=cn=User2,ou=Users,o=Polarion
>> >
>> > cn=GroupLetters,ou=Groups,o=Polarion
>> >      member=cn=UserA,ou=Users,o=Polarion
>> >      member=cn=UserB,ou=Users,o=Polarion
>> >
>> >I want to be able to assign a different Pool-Name per group
>> >
>> >for GroupNumbers Pool-Name number
>> >for GroupLetters Pool-Name letters
>> >
>> >How can I achieve this without adding any attribute to the user entry? (Users
>> >have access to their DN, so they will be able to change it - this is what I
>> >want to block! I know I can set read-only access in slapd.conf, but this is
>> >not what I want.)
>> >
>> >1) One scenario I was thinking of is to add to the users file in radius:
>> >
>> >DEFAULT Pool-Name == numbers, Ldap-Group == cn=GroupNumbers,ou=Groups,o=Polarion
>> >  Fall-Through = no
>> >
>> >DEFAULT NAS-Port-Type == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
>> >  Fall-Through = no
>> >
>> >But what do I need to add to the ldap configuration part in order to make it
>> >work?
>> >
>> >Thanks very very much for help!
>> >
>> >Regards,
>> >
>> >David
>> >On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <tnt at kalik.net> wrote:
>> >
>> >> >So if I understand clearly, I need to name and configure the ip pool parts in
>> >> >radius.conf and then use this name as a Pool-Name in LDAP?
>> >>
>> >> Yes.
>> >>
>> >> >Is there a
>> >> >chance to specify range directly in LDAP and not in ip pool?
>> >> >
>> >>
>> >> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
>> >> on the NAS and select them with Framed-Pool if your NAS supports it.
>> >> Cisco doesn't but you can set IP pool with avpairs.
>> >>
>> >> Ivan Kalik
>> >> Kalik Informatika ISP
>> >>
>> >>  -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> >>
>> >
>> >
>>
>>
>



