users advanced configuration [SEC=UNCLASSIFIED]

Ranner, Frank MR Frank.Ranner at defence.gov.au
Mon May 19 09:38:50 CEST 2008


UNCLASSIFIED


Why not test Ldap-UserDN using a regexp? It will contain the user's OU as part of the full distinguished name.
 
regards,
Frank Ranner


________________________________

	From: freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org] On Behalf Of Tribes Tom
	Sent: Friday, 16 May 2008 21:05
	To: FreeRadius users mailing list
	Subject: Re: users advanced configuration
	
	
	I have already tested with group, it runs, but I would like to avoid using groups if it's possible.
	
	I prefer to just use "ou". It will be much easier for the administration.
	
	Thanks for the tip about Auth-Type.
	
	
	
	
	2008/5/16 Ivan Kalik <tnt at kalik.net>:
	

		Use groups in ldap and configure groupmembership part of radiusd.conf
		ldap configuration. Add users to the groups and use:
		
		DEFAULT   Ldap-Group = "heure", Max-Daily-Session := 3600
		
		to set the attributes. Don't use Auth-Type. Ldap module should set
		Auth-Type ldap (see set_auth_type configuration option) itself.
		
		Ivan Kalik
		Kalik Informatika ISP
		
		
		On 16/5/2008, "tribestom" <tribes.tom at gmail.com> wrote:
		

		>Hi
		>
		>I am having a little trouble configuring freeradius. Here is what I want to
		>do:
		>
		>I want to run a hotspot with different accounts which give different
		>connection times.
		>
		>I have an openldap server with this organisation:
		>
		>         dc=com
		>           |
		>        dc=exempl
		>        |       |
		>   ou=heure    ou=jour
		>      |           |
		>  uid=user1   uid=user2
		>
		>
		>What I have running now:
		>
		>I can authenticate users with a time limit.
		>
		>Here is my users file:
		>
		>DEFAULT        Auth-Type = ldap,Max-Daily-Session := 3600
		>
		>I want to add a second line which corresponds to a day, like this:
		>
		>DEFAULT        Auth-Type = ldap,Max-Daily-Session := 86400
		>
		>and I want users from ou=heure to use the first one and users from
		>ou=jour to use the policy with a day's time.
		>
		>Which attribute should I add to this line, or how should I go about doing
		>this? I haven't found any clue on the net about how to do this.
		>
		>Here is my ldap conf in radiusd.conf:
		>
		>               server = "192.168.20.240" # IP of the machine running the LDAP server
		>               identity = "cn=admin,dc=exempl,dc=lcom" # login on the LDAP server
		>               password = "******" # password on the LDAP server
		>               basedn = "dc=exempl,dc=com" # search base on the LDAP server
		>               filter ="uid=%u" # search filter (here, any user)
		>               ldap_connections_number = 5 # number of connection attempts
		>               timeout = 4
		>               timelimit = 3
		>               net_timeout = 1
		>               tls {
		>                       start_tls = no
		>               }
		>               dictionary_mapping = ${raddbdir}/ldap.attrmap
		>               edir_account_policy_check = no
		>
		>Sorry for my bad English, and thanks for your help.
		>
		>If you need more information, just tell me.
		>
		>
		>Tribolet
		>Thomas
		>
		>
		>
		>
		>
		
		>-
		>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
		>
		>
		
		-
		List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
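
The regexp test on the user's DN suggested at the top of this thread, sketched in Python as an added example (not code from any poster and not FreeRADIUS syntax). It goes slightly beyond the thread by comparing a bare `ou=<name>` match with a pattern anchored to the parent OU and base DN; the function names, rule order and sample DNs are constructed for illustration.

```python
import re

# Assumptions for this sketch: the base DN, the two OUs and the two limits
# come from the thread; rule order and all function names are hypothetical.
BASE_DN = "dc=exempl,dc=com"
LIMITS = [("heure", 3600), ("jour", 86400)]  # (OU, Max-Daily-Session seconds)

def loose_limit(user_dn):
    """First rule whose 'ou=<name>' text occurs anywhere in the DN wins."""
    for ou, seconds in LIMITS:
        if re.search("ou=" + re.escape(ou), user_dn, re.IGNORECASE):
            return seconds
    return None

# Anchored form: the DN must be exactly uid=<value>,ou=<name>,<base DN>.
# The uid value may contain backslash-escaped characters such as "\,".
ANCHORED = re.compile(
    r"^uid=(?:\\.|[^,\\])+,ou=(?P<ou>[^,\\]+),%s$" % re.escape(BASE_DN),
    re.IGNORECASE,
)

def anchored_limit(user_dn):
    """Return the limit only when the entry sits directly under a known OU."""
    m = ANCHORED.match(user_dn)
    if not m:
        return None
    return dict(LIMITS).get(m.group("ou").lower())

# Constructed sample DNs (not taken from any real directory).
SAMPLES = [
    "uid=user1,ou=heure,dc=exempl,dc=com",
    "uid=user2,ou=jour,dc=exempl,dc=com",
    "uid=user3,ou=journal,dc=exempl,dc=com",     # OU name that merely starts with "jour"
    "uid=user5,ou=jour,dc=other,dc=com",         # same OU name under another base
    "uid=doe\\, john,ou=heure,dc=exempl,dc=com", # escaped comma inside the uid value
]

def compare(samples=SAMPLES):
    """Return (dn, loose result, anchored result) for each sample DN."""
    return [(dn, loose_limit(dn), anchored_limit(dn)) for dn in samples]

if __name__ == "__main__":
    for dn, loose, strict in compare():
        print("%-45s loose=%s anchored=%s" % (dn, loose, strict))
```

The bare match hands the one-day limit to entries under `ou=journal` and under a different base DN, while the anchored pattern returns no limit for them.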
		

