users advanced configuration [SEC=UNCLASSIFIED]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Mon May 19 09:38:50 CEST 2008
UNCLASSIFIED
Why not test Ldap-UserDN using a regexp? It will contain the user's OU as part of the full distinguished name.
regards,
Frank Ranner
________________________________
From: freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org] On Behalf Of Tribes Tom
Sent: Friday, 16 May 2008 21:05
To: FreeRadius users mailing list
Subject: Re: users advanced configuration
I have already tested with groups; it works, but I would like to avoid using groups if it's possible.
I prefer to just use "ou". It will be much easier for the administration.
Thanks for the tip about Auth-Type.
2008/5/16 Ivan Kalik <tnt at kalik.net>:
Use groups in ldap and configure groupmembership part of radiusd.conf
ldap configuration. Add users to the groups and use:
DEFAULT Ldap-Group = "heure", Max-Daily-Session := 3600
to set the attributes. Don't use Auth-Type. Ldap module should set
Auth-Type ldap (see set_auth_type configuration option) itself.
Ivan Kalik
Kalik Informatika ISP
On 16/5/2008, "tribestom" <tribes.tom at gmail.com> wrote:
>Hi
>
>I am having a little difficulty configuring freeradius. Here is what I want to
>do:
>
>I want to run a hotspot with different accounts which give different
>connection times.
>
>I have an openldap server with this organisation:
>
>            dc=com
>              |
>          dc=exempl
>
>        |           |
>    ou=heure     ou=jour
>        |           |
>    uid=user1    uid=user2
>
>
>What I have running now:
>
>I can authenticate users with a time limit.
>
>Here is my users file:
>
>DEFAULT Auth-Type = ldap,Max-Daily-Session := 3600
>
>I want to add a second line which corresponds to a day, like this:
>
>DEFAULT Auth-Type = ldap,Max-Daily-Session := 86400
>
>and I want users from ou=heure to use the first one and users from
>ou=jour to use the policy with a day's time.
>
>Which attribute should I add to this line, or what should I do to achieve
>this? I haven't found any clue on the net about how to do this.
>
>Here is my ldap conf in radiusd.conf :
>
> server = "192.168.20.240" # IP of the machine running the LDAP server
> identity = "cn=admin,dc=exempl,dc=lcom" # login on the LDAP server
> password = "******" # password on the LDAP server
> basedn = "dc=exempl,dc=com" # search base on the LDAP server
> filter = "uid=%u" # search filter (here, any user)
> ldap_connections_number = 5 # number of connection attempts
> timeout = 4
> timelimit = 3
> net_timeout = 1
> tls {
>     start_tls = no
> }
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> edir_account_policy_check = no
>
>Sorry for my bad English, and thanks for your help.
>
>If you need more information, just tell me.
>
>
>Tribolet
>Thomas
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
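
The regexp test on Ldap-UserDN suggested at the top of this thread, modelled as an added example (not code from the thread or from FreeRADIUS): Python that maps a user DN to the two Max-Daily-Session values from the posted users file, and shows why the pattern should be anchored to the OU's position in the DN. The function names and sample DNs are constructed, and it assumes users sit directly under ou=heure or ou=jour below dc=exempl,dc=com, as in the posted tree.

```python
import re

# Limits in seconds per day, taken from the users file lines in the thread.
POLICY = {"heure": 3600, "jour": 86400}

# Assumption: base DN as given in the posted basedn setting.
BASE = "dc=exempl,dc=com"

# Anchored pattern: first RDN is the uid (escaped characters allowed), the
# next RDN must be the OU, and the remainder must be exactly the base DN.
ANCHORED = re.compile(
    r"^uid=(?:[^,\\]|\\.)+,ou=(heure|jour)," + re.escape(BASE) + r"$",
    re.IGNORECASE,
)

# Unanchored rules for contrast; the first matching rule wins.
NAIVE_RULES = [("ou=jour", 86400), ("ou=heure", 3600)]


def max_daily_session(user_dn):
    """Return the limit for the OU the entry really sits in, else None."""
    m = ANCHORED.match(user_dn)
    return POLICY[m.group(1).lower()] if m else None


def naive_max_daily_session(user_dn):
    """Same lookup with unanchored patterns that can match inside the uid."""
    for pattern, limit in NAIVE_RULES:
        if re.search(pattern, user_dn, re.IGNORECASE):
            return limit
    return None


if __name__ == "__main__":
    # Constructed sample DNs; the third has a uid value containing "ou=jour".
    samples = [
        "uid=user1,ou=heure,dc=exempl,dc=com",
        "uid=user2,ou=jour,dc=exempl,dc=com",
        "uid=ou=jour,ou=heure,dc=exempl,dc=com",
        "uid=user3,ou=staff,dc=exempl,dc=com",
    ]
    for dn in samples:
        print(dn, max_daily_session(dn), naive_max_daily_session(dn))
```

A DN that matches neither OU returns None, so an entry outside the two expected containers gets no session limit from this lookup and has to be handled by a separate rule.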