On Wed, 12 Jun 2002, Adi Linden wrote: > > Add an attribute like radiusMaxDailySession in your ldap schema (and in the > > radiusprofile aobjectclass). Also add it in ldap.attrmap like: > > > > checkItem Max-Daily-Session radiusMaxDailySession > > > > Then you can just set it to whatever value you wish for each user. > > Great, this is exactly what I'd like to happen. > > > > How do I retrieve the pool information from ldap? Can I keep the poolname > > > in an attribute such as knetRadiusPool? Where do I define the pool and > > > associated ip addresses? > > > > > > You could either use the radiusReplyItem like this: > > > > radiusReplyitem: Cisco-AVPair := "ip:addr-pool=mypoolname" > > > > or create your own attribute which you should add to the radiusprofile > > objectclass and ldap.attrmap. > > You define the pool inside your nas. > > Can I define an attribute to contain the profile a user belongs to and > then refer to this attribute value in the users file? > > "doc/rlm_ldap" has a section: > > USER PROFILE ATTRIBUTE: > > The module can use the User-Profile attribute. If it is set, it will > assume that it contains the DN of a profile entry containing radius > attributes. This entry will _replace_ the default profile directive. > That way we can use different profiles based on checks on the radius > attributes contained in the Access-Request packets. For example (users > file): > > DEFAULT Service-Type == Outbound-User, User-Profile := >"uid=outbound-dialup,dc=company,dc=com" > > I assume that the User-Profile refers to the following line in > "radiusd.conf": > > # profile_attribute = "radiusProfileDn" > > Will this work if the DN doesn't exist on the ldap server, or can I use > any string instead of valid DN and have this in ldap: > > radiusProfileDn: knetonly > > and in users: > > DEFAULT Service-Type == Framed-User, User-Profile == "knetonly"
No you can't. Both have to point to valid DN's in your tree. The profile_attribute is an attribute contained in the user entry pointing to the profile to be applied for the user, while User-Profile contains the profile to be applied in special cases instead of the default profile (I use it to implement Large Scale Dialout where I don't need the default reply items contained in the default profile). > > Thank you for answering my questions. This has been tremendously helpful > in getting things going! > > Thanks, > Adi > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
