let radius distinguish more cases
alois blasbichler
alois.blasbichler at sb-brixen.it
Tue Oct 28 10:36:41 CET 2008
Hello list,
I have a question to help me understand RADIUS better.
For this I have made a simple example scenario:
I want to use my RADIUS for 2 things:
1. wireless access for laptops with machine authentication over a
wireless switch with IP 1.1.1.1
2. authentication for the login to my switches for some admin users
My machines (case 1) are in a Samba domain and stored in an OpenLDAP DB
in the tree:
basedn = "ou=samba-machines,dc=sb-brixen,dc=it"
My users (case 2), from which I select my admins with an LDAP filter, are
also in an OpenLDAP DB in the tree:
basedn = "ou=users,dc=sb-brixen,dc=it"
How and where do I distinguish these 2 cases?
In the standard configuration, as I understand it, RADIUS lets the
clients try a lot of possibilities, and I have read that it's better not
to restrict the auth methods.
One possibility to solve my question is to make 2 files under /modules,
like ldap1 and ldap2, for my separate cases, but now my problem:
Where do I say that my wireless switch goes to ldap1 (with mschap) and my
switches (for example the whole network 1.1.20.x) go to ldap2 (with
LDAP authentication): in users, or maybe in
raddb/sites-available/default?
In clients.conf I have defined my switches and my network.
For the users file I have seen some examples like:
DEFAULT Huntgroup-Name = "vpn-pix",Auth-Type := ldap
But where do I define "Huntgroup-Name = "vpn-pix""? Is this the normal
name in clients.conf?
Thank you for a response.
luis