users advanced configuration [SEC=UNCLASSIFIED]

Tribes Tom tribes.tom at gmail.com
Mon May 19 10:33:00 CEST 2008


Can you explain how to do this?

I have tried this:

DEFAULT        Auth-Type = ldap,Max-Daily-Session := 3600,Ldap-UserDN := `uid=%{User-Name},ou=heure,dc=network,dc=local`
DEFAULT        Auth-Type = ldap,Max-Daily-Session := 86400,Ldap-UserDN := `uid=%{User-Name},ou=jour,dc=network,dc=local`
DEFAULT        Auth-Type = ldap,Max-Daily-Session := 604800,Ldap-UserDN := `uid=%{User-Name},ou=semaine,dc=network,dc=local`

But when I try with users from different OUs, it always uses the
Max-Daily-Session from the first policy.


Thanks for your help

Thomas
Tribolet

2008/5/19 Ranner, Frank MR <Frank.Ranner at defence.gov.au>:

>  *UNCLASSIFIED*
>
> Why not test Ldap-UserDN using a regexp. It will contain the users' OU as
> part of the full distinguished name.
>
> regards,
> Frank Ranner
>
>  ------------------------------
> *From:* freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org
> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org]
> *On Behalf Of* Tribes Tom
> *Sent:* Friday, 16 May 2008 21:05
> *To:* FreeRadius users mailing list
> *Subject:* Re: users advanced configuration
>
> I have already tested with groups, it runs, but I would like to avoid using
> groups if it's possible.
>
> I prefer to just use "ou". It will be much easier for the administration.
>
> Thanks for the tip about Auth-Type
>
>
>
> 2008/5/16 Ivan Kalik <tnt at kalik.net>:
>
>> Use groups in ldap and configure groupmembership part of radiusd.conf
>> ldap configuration. Add users to the groups and use:
>>
>> DEFAULT   Ldap-Group = "heure", Max-Daily-Session := 3600
>>
>> to set the attributes. Don't use Auth-Type. Ldap module should set
>> Auth-Type ldap (see set_auth_type configuration option) itself.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> On 16/5/2008, "tribestom" <tribes.tom at gmail.com> wrote:
>>
>> >Hi
>> >
>> >I am having a little difficulty configuring FreeRADIUS. Here is what I
>> >want to do:
>> >
>> >I want to run a hotspot with different accounts which give different
>> >connection times.
>> >
>> >I have an OpenLDAP server with this organisation:
>> >
>> >       dc=com
>> >          |
>> >       dc=exempl
>> >
>> >       |       |
>> >   ou=heure    ou=jour
>> >    |             |
>> > uid=user1      uid=user2
>> >
>> >
>> >What I have running now:
>> >
>> >I can authenticate users with a time limit.
>> >
>> >Here is my users file:
>> >
>> >DEFAULT        Auth-Type = ldap,Max-Daily-Session := 3600
>> >
>> >I want to add a second line which corresponds to a day, like this:
>> >
>> >DEFAULT        Auth-Type = ldap,Max-Daily-Session := 86400
>> >
>> >and I want users from ou=heure to use the first one and users from
>> >ou=jour to use the policy with a day's time.
>> >
>> >Which attribute should I add to this line, or what should I do to achieve
>> >this? I haven't found any clue on the net about how to do this.
>> >
>> >Here is my LDAP conf in radiusd.conf:
>> >
>> >server = "192.168.20.240" # IP of the machine with the LDAP server
>> >               identity = "cn=admin,dc=exempl,dc=lcom" # login on the LDAP server
>> >               password = "******" # password on the LDAP server
>> >               basedn = "dc=exempl,dc=com" # search base on the LDAP server
>> >               filter ="uid=%u" # search filter (here, any user)
>> >               ldap_connections_number = 5 # number of connection attempts
>> >               timeout = 4
>> >               timelimit = 3
>> >               net_timeout = 1
>> >               tls {
>> >                       start_tls = no
>> >               }
>> >               dictionary_mapping = ${raddbdir}/ldap.attrmap
>> >               edir_account_policy_check = no
>> >
>> >Sorry for my bad English and thanks for your help
>> >
>> >If you need more information, just tell me
>> >
>> >
>> >Tribolet
>> >Thomas
>> >
>> >
>> >
>> >
>> >
>> >-
>> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> >
>> >
>>
>
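
Frank's suggestion in the thread above is to test Ldap-UserDN with a regexp. The following is an added example, not part of the thread and not FreeRADIUS configuration: it shows such a test in Python, anchored so that the plan is taken from the OU directly above the user entry and not from "ou=" text elsewhere in the DN. The function name, the sample DNs and the layout uid=...,ou=...,dc=network,dc=local (taken from the entries in the first message) are assumptions.

```python
import re

# Session limits in seconds per OU, as in the users-file entries in the thread.
LIMITS = {"heure": 3600, "jour": 86400, "semaine": 604800}

# Assumed DN layout: uid=<user>,ou=<plan>,dc=network,dc=local
# The uid value may contain backslash-escaped characters (RFC 4514), so the
# first RDN is "everything up to the first unescaped comma".
DN_RE = re.compile(
    r"^uid=(?:\\.|[^\\,])+,"      # first RDN: the user entry itself
    r"ou=(?P<ou>[^,=+\\]+),"      # parent RDN: the OU that selects the plan
    r"dc=network,dc=local$",      # base DN, anchored at the end
    re.IGNORECASE,
)


def max_daily_session(user_dn):
    """Return the limit for the OU directly above the user entry, or None
    when the DN does not have the expected shape or the OU is unknown."""
    m = DN_RE.match(user_dn.strip())
    if m is None:
        return None
    return LIMITS.get(m.group("ou").lower())


# Constructed sample DNs (not taken from a real directory).
SAMPLES = [
    "uid=user1,ou=heure,dc=network,dc=local",
    "uid=user2,ou=jour,dc=network,dc=local",
    "UID=user3,OU=Semaine,DC=network,DC=local",
    # uid values that merely contain "ou=semaine": the parent OU still decides
    "uid=ou=semaine,ou=heure,dc=network,dc=local",
    r"uid=a\,ou=semaine,ou=jour,dc=network,dc=local",
    # unknown OU and foreign base DN: no limit is assigned
    "uid=user4,ou=staff,dc=network,dc=local",
    "uid=user1,ou=heure,dc=other,dc=local",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(f"{dn!r:55} -> {max_daily_session(dn)}")
```

A caller should treat a `None` result as "no plan matched" and reject or apply the most restrictive limit, not fall through to a default plan.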