Mac Auth against LDAP
    Nikolaos Milas
    nmilas at noa.gr
    Fri Aug 23 19:30:03 CEST 2013

On 23/8/2013 7:25 PM, Arran Cudbard-Bell wrote:
> See ldap_xlat http://wiki.freeradius.org/modules/Rlm_ldap
>
> Use a query that searches for the value of NAS-IP-Address in the user object in a custom attribute.
>
> If the query expands to something other than a zero length string, the attribute exists.
>
> authorize {
> 	if ("%{ldap:<query>}" == '') {
> 		reject
> 	}
> }
Thanks Arran,
I'll focus on the 1st part for now.
I understand that the value of NAS-IP-Address (CheckItem) can be checked 
against '%{Packet-Src-IP-Address}'. Right?
    authorize {
        if ("%{ldap:<query>}" == '%{Packet-Src-IP-Address}') {
            # accept
            update control {
                Auth-Type := Accept
            }
        }
        else {
            reject
        }
    }
Is there a way to also check the port of the NAS being used by the host 
to connect as well (I guess the NAS should provide this info somehow 
during auth)?
Thanks again,
Nick
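
An added example, not part of the original thread: one way the `<query>` placeholder in the quoted reply could be filled in as an LDAP URL for the `ldap` xlat, so that the expansion is non-empty only when the user object lists the NAS the request came through. The base DN `ou=hosts,dc=example,dc=com`, the attribute names `uid` and `radiusNASIpAddress`, and the use of the MAC address as User-Name are assumptions.

```unlang
authorize {
	# LDAP URL form: ldap:///<base DN>?<attribute to return>?<scope>?<filter>
	# Assumed directory layout: one entry per host under
	# ou=hosts,dc=example,dc=com, with the MAC address in "uid" and the
	# permitted NAS address in the custom attribute "radiusNASIpAddress".
	#
	# The filter only matches when BOTH conditions hold, so the value of
	# "uid" is returned only for a known MAC arriving through its listed NAS.
	if ("%{ldap:ldap:///ou=hosts,dc=example,dc=com?uid?sub?(&(uid=%{User-Name})(radiusNASIpAddress=%{NAS-IP-Address}))}" == '') {
		# Zero-length expansion: no entry matched, so the attribute
		# does not exist for this MAC/NAS pair.
		reject
	}
}
```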