Different reply items out of LDAP depending on the NAS
Peter Lambrechtsen
plambrechtsen at gmail.com
Fri Aug 28 19:36:08 CEST 2009
On 28/08/2009, at 10:38 PM, "Ivan Kalik" <tnt at kalik.net> wrote:
>> I am trying to have a granular based reply items depending on the NAS they
>> connected to all driven using attributes in LDAP without needing to use
>> realms.
>>
>> IE User A passes just User&Password to NAS A. and gets reply attr
>> "Service-Type=admin", and the admin comes from an LDAP Attribute "nasA"
>> attribute in LDAP
>> Same user logs into NAS B and gets back a "Service-Type=user" and the value
>> user comes from an attribute "nasB".
>>
>> Looking through the ldap.attrmap it seems to be a static mapping for
>> Service-Type to be statically set to a single value from LDAP, but what
>> happens if I want that value to be different depending on which NAS I have
>> connected from.
>>
>> Have searched around and haven't found any documents talking about how to
>> have this granular level of configuration.
>
> Well, you have custom attributes in LDAP - translate them to custom
> attributes in radius (define them first in raddb/dictionary and map them
> in ldap.attrmap, let's say nasA to nasA as replyItem, etc.)
>
> Then use unlang to set service type:
>
> if(NAS-IP-Address == NAS A IP) {
>     update reply {
>         Service-Type = "%{reply:nasA}"
>     }
> }
> elsif(NAS-IP-Address == NAS B IP) {
> ...
Ahhh I knew there must be an easy way. This is exactly what I was
looking for. I will have a play and post my results. Or update the wiki.
Many thanks!!
>
>
> Ivan Kalik
> Kalik Informatika ISP
>
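
Added example, not part of the original thread and not the FreeRADIUS project's own configuration: the three pieces Ivan describes (dictionary entry, ldap.attrmap mapping, unlang) put together for FreeRADIUS 2.x. The attribute numbers, the 192.0.2.x NAS addresses and the reject-when-missing guard are assumptions; the values stored in nasA/nasB must be names the dictionary defines for Service-Type (for example Administrative-User or Login-User).

```conf
# raddb/dictionary -- internal helper attributes (numbers are constructed).
# The stock file reserves 3000-4000 for attributes that are never placed
# in a RADIUS packet, so nasA/nasB themselves are not sent to the NAS.
ATTRIBUTE	nasA	3000	string
ATTRIBUTE	nasB	3001	string

# raddb/ldap.attrmap -- copy the LDAP attributes into the reply list.
# Format: ItemType  RADIUS-Attribute-Name  ldapAttributeName
replyItem	nasA	nasA
replyItem	nasB	nasB

# raddb/sites-available/default -- authorize section, after the ldap
# module has run (other modules omitted here).
authorize {
	ldap

	# 192.0.2.10 and 192.0.2.20 are placeholders for NAS A and NAS B.
	if (NAS-IP-Address == 192.0.2.10) {
		# Assumption: a user with no nasA value has no role on this
		# NAS, so reject instead of accepting without a Service-Type.
		if ("%{reply:nasA}" != "") {
			update reply {
				Service-Type := "%{reply:nasA}"
			}
		}
		else {
			reject
		}
	}
	elsif (NAS-IP-Address == 192.0.2.20) {
		if ("%{reply:nasB}" != "") {
			update reply {
				Service-Type := "%{reply:nasB}"
			}
		}
		else {
			reject
		}
	}
}
```

Running the server with radiusd -X shows the expanded value and the resulting Service-Type for each request, which is the quickest way to confirm each NAS gets the intended privilege level.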