LDAP - dynamic membership checking

Christian Kölpin raptor2101 at gmx.de
Sun Jan 1 14:50:34 CET 2012



On 31.12.2011 16:35, Jens Weibler wrote:
> My solution:
>
> users:
> DEFAULT Huntgroup-Name == "switches", Ldap-Group == "coolguys"
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = "IEEE-802",
>         Tunnel-Private-Group-ID = "1337"
>
> huntgroups:
> # Switch XY
> all      NAS-IP-Address == X.Y.Z.131, NAS-Port >= 1, NAS-Port <= 30
> coolguys NAS-IP-Address == X.Y.Z.131, NAS-Port >= 31, NAS-Port <= 40
You pointed me in the right direction. My problem was that the
LDAP module was instantiated after the files module (the one that processes
the users file), so the check never took place. I changed the ordering
of the modules and all works fine :)

I modified your solution a little bit so I have a "deny" logic.
huntgroups:
access-points = NAS-IP-Address == X.Y.Z1.1, NAS-Port = 0
access-points = NAS-IP-Address == X.Y.Z2.1, NAS-Port = 0
access-points = NAS-IP-Address == X.Y.Z3.1, NAS-Port = 0

users:
DEFAULT Huntgroup-Name == "access-points", Ldap-Group != "Wireless",
        Auth-Type := Reject
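The following is an added example, not FreeRADIUS code and not from either poster: a small Python model of how the huntgroups and users entries in this thread are evaluated, including the "deny" rule and the module-ordering failure the reply describes (the files module running before ldap has supplied Ldap-Group). The NAS addresses are constructed RFC 5737 stand-ins for the X.Y.Z placeholders, and Ldap-Group is modelled as a plain request attribute that the ldap module fills in, which is a simplification of the real compare callback.

```python
"""Simplified model of FreeRADIUS 'huntgroups' and 'users' evaluation.

Added example, not FreeRADIUS code. It covers only what the thread uses:
a huntgroup is a named list of check items matched against the request,
and a users-file DEFAULT entry whose check items all hold applies its
reply items. Addresses and requests below are constructed sample data.
"""
import operator

# Operators that appear in the thread's huntgroups/users lines.
OPS = {
    "==": operator.eq,
    "!=": operator.ne,
    ">=": operator.ge,
    "<=": operator.le,
    "=": operator.eq,  # treated as a plain comparison in this model
}

# huntgroups file: one entry per line; repeated names OR together.
HUNTGROUPS = [
    ("access-points", "NAS-IP-Address == 192.0.2.1, NAS-Port = 0"),
    ("access-points", "NAS-IP-Address == 192.0.2.2, NAS-Port = 0"),
    ("access-points", "NAS-IP-Address == 192.0.2.3, NAS-Port = 0"),
    ("switches", "NAS-IP-Address == 192.0.2.131, NAS-Port >= 1, NAS-Port <= 30"),
]

# users file: DEFAULT entries as (check items, reply items); the deny rule.
USERS = [
    ('Huntgroup-Name == "access-points", Ldap-Group != "Wireless"',
     {"Auth-Type": "Reject"}),
]


def parse_check_items(text):
    """'NAS-IP-Address == 192.0.2.1, NAS-Port >= 1' -> [(attr, op, value), ...]"""
    items = []
    for part in text.split(","):
        attr, op, value = part.split()
        value = value.strip('"')
        if value.isdigit():
            value = int(value)
        items.append((attr, op, value))
    return items


def huntgroups_for(request):
    """Names of all huntgroups whose check items match this request."""
    return sorted({name for name, text in HUNTGROUPS
                   if check_items_match(parse_check_items(text), request)})


def check_items_match(items, request):
    """All check items must hold. Huntgroup-Name is a membership test on the
    huntgroups file; any other attribute missing from the request fails the
    item, so a check on an attribute no module has supplied never matches."""
    for attr, op, value in items:
        if attr == "Huntgroup-Name":
            member = value in huntgroups_for(request)
            if not (member if op == "==" else not member):
                return False
            continue
        actual = request.get(attr)
        if actual is None or not OPS[op](actual, value):
            return False
    return True


def evaluate(request, ldap_ran=True):
    """Reply items from the first matching users entry ({} if none matched).

    ldap_ran=False models the ordering bug in the post: files runs before the
    ldap module has populated Ldap-Group, so the attribute is simply absent and
    the deny rule silently never fires."""
    req = dict(request)
    if not ldap_ran:
        req.pop("Ldap-Group", None)
    for text, reply in USERS:
        if check_items_match(parse_check_items(text), req):
            return dict(reply)
    return {}


# Constructed sample requests.
AP_STAFF = {"User-Name": "alice", "NAS-IP-Address": "192.0.2.2",
            "NAS-Port": 0, "Ldap-Group": "Staff"}
AP_WIFI = {"User-Name": "bob", "NAS-IP-Address": "192.0.2.2",
           "NAS-Port": 0, "Ldap-Group": "Wireless"}
SWITCH = {"User-Name": "alice", "NAS-IP-Address": "192.0.2.131",
          "NAS-Port": 5, "Ldap-Group": "Staff"}

if __name__ == "__main__":
    for label, req in (("staff on AP", AP_STAFF), ("wifi user on AP", AP_WIFI),
                       ("staff on switch", SWITCH)):
        print(label, huntgroups_for(req), evaluate(req))
    print("staff on AP, ldap not yet run:", evaluate(AP_STAFF, ldap_ran=False))
```

The last line of the `__main__` block is the case from the reply: with the module order wrong, the "deny" DEFAULT entry never matches and a non-Wireless user on an access point is not rejected, which is why the fix was to order ldap before files rather than to change the rule.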