Multiple BaseDN's - How Do I Do This?
Kenneth Grady
klg at lanl.gov
Mon May 12 16:46:15 CEST 2008
Rob
You may need to look under authorize and modules in radiusd.conf and
have something like:
#modules { section
ldap CTC_users {
server = "ldap"
net_timeout =
timeout =
timelimit =
ldap_connections_number =
basedn = "dc=abc,dc=edu"
filter="(&(objectClass=person)(|(departmentNumber=CTC)(|(employeeNum
ber=%{Stripped-User-Name:-%{User-Name}})(uid=%{Stripped-User-Name:-%{User-Name}})))"
...
#authorize { section
Autz-Type = CTC_accounts {
CTC_users
}
for the users
Autz-Type := CTC_accounts,
Phil Mayers wrote:
> Rob VanDusen wrote:
>> I'm very new to both Linux and FreeRadius, so please excuse me if
>> this is too easy a question. After a couple weeks of fighting,
>> reading, testing and reconfiguring - I finally managed to get
>> FreeRadius 2.x working with my Novell eDirectory. Right now my eDir
>> tree is made up of 6 "O's" - one for each building in the
>> organization. It looks something like this:
>>
>> ISDTREE | CTC | ESB | MTC | SPS | OAC | JSC
>
> Sorry, that's a bit confusing; are you saying you don't have a common
> top-level O or OU
>
> That is, is the current basedn:
>
> o=esb
>
> ?
>
> If so, you've got problems (and if I may say so, that's a rather
> unwise configuration)
>
>>
>> My current config will check via LDAP against a NetWare box and
>> authorize anyone in the ESB container - but I can't get it to look at
>> any of the other containers. I tried doing multiple instances of the
>> LDAP module - but that resulted in the server not authorizing anyone.
>
> http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
>
>> How would I set this up so I can add the other O's as Base DN's? I'd
>> really appreciate any instructions that a slightly dim bulb could
>> follow.
>>
>> -Rob
>>
>>
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3007 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080512/80b3cc9b/attachment.bin>
More information about the Freeradius-Users
mailing list