How to store clients.conf in LDAP?
c0re
nr1c0re at gmail.com
Wed Feb 2 10:53:47 CET 2011
Actually it was here
http://lists.freeradius.org/pipermail/freeradius-users/2010-October/msg00058.html
But Peter Lambrechtsen uses Novell eDirectory, so from his howto
<quote>
Then create two OUs under Radius: Elements and Roles
OU=Elements,OU=Radius,DC=ACME,DC=COM
Elements will hold a record of every NAS in your Network. You will
create Group objects based on the IP Address of the NAS and set the
"Location" or "l" attribute to the NAS Huntgroup the NAS belongs to, to
allow them to be centrally managed in LDAP.
IE
CN=10.1.2.3,OU=Elements,OU=Radius,DC=ACME,DC=COM
With a "l" value of "CiscoRTR" for a Cisco Router that has a
NAS-IP-Address or Source-IP-Address of 10.1.2.3. This will make more
sense further on.
</quote>
But what objectClass is it with the "l" attribute?
When I tried to implement it I got stuck on this. Any comments welcome!
2011/2/2 Fajar A. Nugraha <list at fajar.net>:
> On Wed, Feb 2, 2011 at 3:57 PM, c0re <nr1c0re at gmail.com> wrote:
>> But when I add a new device I always have to edit clients.conf, add the new
>> IP address and secret. I do not want to use 0.0.0.0 and the same secret
>> for all devices.
>>
>> Is it possible to store device secrets in openldap? If yes, please
>> point me in the right direction.
>
> Try this from the list archive:
> http://freeradius.1045715.n5.nabble.com/HOWTO-Centralised-LDAP-Authentication-Part-2-Using-dyamic-clients-instead-of-huntgroups-td3201125.html
>
> --
> Fajar