frammed ip adress
David Hláčik
david at hlacik.eu
Mon Apr 14 16:08:53 CEST 2008
Can i before :
DEFAULT Ldap-Group == "GroupLetters", Pool-Name := letters
DEFAULT Ldap-Group == "GroupNumbers", Pool-Name := numbers
add
DEFAULT Pool-Name := vpn_main
which will asign vpn_main pool to all other groups not defined in users
file?
Thanks!
2008/4/6 Ivan Kalik <tnt at kalik.net>:
> ldap looks fine to me, but I don't use it.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 6/4/2008, "David Hláčik" <david at hlacik.eu> piše:
>
> >Thanks Ivan!,
> >
> >can i understand it like that my group structure in LDAP is okay, and
> there
> >is only need to add those to users file and it will work?
> >
> >D.
> >
> >2008/4/5 Ivan Kalik <tnt at kalik.net>:
> >
> >> DEFAULT Ldap-Group == "GroupLetters", Pool-Name := letters
> >>
> >> DEFAULT Ldap-Group == "GroupNumbers", Pool-Name := numbers
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 5/4/2008, "David Hláčik" <david at hlacik.eu> piše:
> >>
> >> >Hi,
> >> >
> >> >i will describe what i am trying to achieve.
> >> >
> >> >This is my sample ldap structure
> >> >
> >> >users (inetOrgPerson) :
> >> >
> >> >
> >> >cn=User1,ou=Users,o=Polarion
> >> >cn=User2,ou=Users,o=Polarion
> >> >cn=UserA,ou=Users,o=Polarion
> >> >cn=UserB,ou=Users,o=Polariong
> >> >groups (GroupOfNames)
> >> >
> >> >cn=GroupNumbers,ou=Groups,o=Polarion
> >> > member=cn=User1,ou=Users,o=Polarion
> >> > member=cn=User2,ou=Users,o=Polarion
> >> >
> >> > cn=GroupLetters,ou=Groups,o=Polarion
> >> > member=cn=UserA,ou=Users,o=Polarion
> >> > member=cn=UserB,ou=Users,o=Polarion
> >> >
> >> >I want to be able to assign different poll-name per group
> >> >
> >> >for GroupNumbers Pool-Name number
> >> >for GroupLetters Pool-Name letters
> >> >
> >> >How can i achieve this without adding any attribute to user entry?
> (users
> >> >have access to their dn, so they will be able to change it - this is
> what
> >> i
> >> >want to block! , i know i can set readonly access in slapd.conf, but
> this
> >> is
> >> >not what i want)
> >> >
> >> >1) One scenario i was thinking of is to add in radius to users file :
> >> >
> >> >DEFAULT Pool-Name == numbers, Ldap-Group
> >> >== cn=GroupNumbers,ou=Groups,o=Polarion
> >> > Fall-Through = no
> >> >
> >> >DEFAULT NAS-Port-Type == letters, Ldap-Group ==
> >> >cn=GroupLetters,ou=Groups,o=Polarion
> >> > Fall-Through = no
> >> >
> >> >But what i need to add to ldap - configuration part in order to make
> it
> >> >work?
> >> >
> >> >Thanks very very much for help!
> >> >
> >> >Regards,
> >> >
> >> >David
> >> >On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <tnt at kalik.net> wrote:
> >> >
> >> >> >So if i understand clear a i need to name and configure ip pool
> parts
> >> in
> >> >> >radius.conf and than use this name as a Pool-Name in LDAp P?
> >> >>
> >> >> Yes.
> >> >>
> >> >> >Is there a
> >> >> >chance to specify range directly in LDAP and not in ip pool?
> >> >> >
> >> >>
> >> >> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP
> pools
> >> >> on the NAS and select them with Framed-Pool if your NAS supports it.
> >> >> Cisco doesn't but you can set IP pool with avpairs.
> >> >>
> >> >> Ivan Kalik
> >> >> Kalik Informatika ISP
> >> >>
> >> >> -
> >> >> List info/subscribe/unsubscribe? See
> >> >> http://www.freeradius.org/list/users.html
> >> >>
> >> >
> >> >
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080414/c4ed6947/attachment.html>
More information about the Freeradius-Users
mailing list