check-item NAS-IP-ADdress & Calling-Station-ID with openldap
François Mehault
Francois.Mehault at netplus.fr
Tue May 19 18:02:06 CEST 2009
Thanks Ivan !
With huntgroup it works perfectly, now I am searching to manage my huntgroup whith ldap, no longer with the file huntgroup.
Each users have the primitive radiusHuntgroupName, but I want to define my huntgroup in ldap, is it possible you think ?
Regards,
Francois
-----Message d'origine-----
De : Ivan Kalik [mailto:tnt at kalik.net]
Envoyé : mardi 19 mai 2009 15:09
À : François Mehault
Objet : RE: check-item NAS-IP-ADdress & Calling-Station-ID with openldap
> Well, I am using checkval to check the attribute NAS-IP-Address, what I
> want : I have several users and several NAS, some users allows to
> authenticate on some NAS, and others not. I use an openldap database. Each
> users have an attribute "radiusCheckItem". I don't know if I am right, if
> it's the good way to do what I need, but I am a novice with freeRadisu and
> OpenLDAP.
Well, if user is going to have only one value for NAS IP, then you don't
need checkval - just map appropriate attribute as check item in
raddb/ldap.attrmap. If he should be allowed on several devices it might be
better to use huntgroups/sqlhuntgroups - as long as there are not too many
combinations.
Same applies to mac address - if user can use only one there is no need to
use checkval.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list