Filter OpenLDAP users account upon Freeradius 3.0.10 NAS-Port-Id

François Lacombe fl.infosreseaux at gmail.com
Thu Dec 10 19:50:21 CET 2015


Hi all,

My Freeradius 3.0.10 setup currently accepts eap-mschapv2 requests by
checking credentials against LM/NT password checksums obtained from an
LDAP.
The only freeradius client is an IPSec server which forwards EAP
protocol to the radius (strongswan 5.2.1 with eap-radius method).

The LDAP module is configured to let the user connect when the
diallupAccess is set to true.
But it lets any user connect to any network my VPN server is offering access to.

What is the best method to filter users depending on which NAS-Port-Id
they are using?

It will allow me to authorize several users to access any networks
they need to access without putting any network configuration in the
LDAP.


Many thanks in advance for any help to improve this point of config.

François Lacombe
@InfosReseaux


