How to differentiate between vpn user and appliance user?
D C
dc12078 at gmail.com
Mon Jul 27 15:09:32 CEST 2015
I don't think that what I'm trying to do is complex at all. I shouldn't
need any additional ldap changes, all the information needed is already
present. I may consider the vhosts at some point if this gets any further
complications. If anything just to "help" safe guard from configuration
mistakes.
Thanks,
Dan
On Mon, Jul 27, 2015 at 4:08 AM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > Ah ok, I tried authenticate with no luck. Now I'm using authorize, but
> > still having the same issue. It looks like the ldap module is
> authorizing
> > the request, so even now I am still too late in the pipeline.
>
> you're making this more complex..... just check if the Connect-Info is
> there
> and what value is it...and if its there then send the request to a new
> virtual
> server based on the value it is. this completely seperates the policy
> requirements for authentication. one virtual-server deals with admin
> logins (very easy), the other deals with user logins (very easy). instead,
> you are trying to put all requirements into a single virtual-server which
> will need all sorts of extra LDAP checks and changes (not so easy).
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list