Unlang authentication help

Scott Angus uberangus at gmail.com
Thu Jun 25 21:35:26 CEST 2009


Hello,
  I'm trying to use unlang to limit LDAP users' access to different network
devices. Here is what I have so far in the site-enable/default:

Auth-Type LDAP {
        ldap

        if(NAS-IP-Address == 10.1.1.1 && LDAP-Group == 'RouterAdmin') {
                ok
        }
        else {
                reject
        }
}


Right now that works if your LDAP radiusGroupName = RouterAdmin and you are
trying to connect to 10.1.1.1, but I would like to add NAS-IP-Addresses and
associate them with a radiusGroupName. This is where I'm having trouble. It
would be nice if I could just reference a file for the IPs like:

RouterAdminList = /usr/local/etc/raddbd/devices/RouterAdmin

if(NAS-IP-Address == %{RouterAdminList} && LDAP-Group == 'RouterAdmin') {

And have multiple lines:

if(NAS-IP-Address == %{RouterAdminList} && LDAP-Group == 'RouterAdmin') OR
if(NAS-IP-Address == %{SwitchAdminList} && LDAP-Group == 'SwitchAdmin') OR
if(NAS-IP-Address == %{WifiAdminList} && LDAP-Group == 'WifiAdmin') {
      ok
                }
                else {
                        reject
                }
        }

How would I do that? And how would I list the IP addresses in the files?


Thanks for your help,

Scott