On Thu, 29 Aug 2002 [EMAIL PROTECTED] wrote:

>
> Hi,
>
> On Wed, 28 Aug 2002, Kostas Kalevras wrote:
>
> > A huntgroup (if we are talking about the same thing) is defined in the
> > huntgroups file in freeradius. Defining it in ldap is of no use. You can do much
> > more clever things with the huntgroups file. You could use though the
> > Huntgroup-Name and User-Profile attributes and define separate user profiles for
> > each huntgroup. In more detail:
>
> Yes, we're talking about the same thing :)

Probably not :-) The huntgroups are defined based on NAS IP addresses and
ports. If I understand you correctly you want group membership.

>
> FYI, my users are stored in LDAP and get authenticated via
>
>     Auth-Type := LDAP
>
> I already tried using the Huntgroup-Name attribute but it was never
> matched. IIRC, the group name was being checked against the system group
> file. How could I tell freeradius to check the group membership on an LDAP
> server? And check it for any match on the users file?
>
> What I'm trying to accomplish is to check every user who logs in for their
> group membership then compare if it has a DEFAULT entry match on the users
> file, then run an external program which calculates its remaining time and
> return the Session-Timeout attribute.

You could also check the counter module, if you want to impose user time
limits.

>
> Here's an entry from my users file:
>
> DEFAULT Huntgroup-Name == "testing"
>         Exec-Program-Wait = "/usr/local/sbin/testing %u %n %p",
>         Fall-Through = Yes
>
> I've read some docs re: Ldap-Group attribute but it requires that every
> user dn must be entered on its group dn.
>
> For example,
>
> dn: cn=users,ou=groups,dc=foo,dc=com
> objectClass: posixGroup
> objectClass: groupOfUniqueNames
> cn: users
> gidNumber: 1101
> memberUid: arise
> uniqueMember: uid=arise,ou=People,dc=foo,dc=com
>
> This works well if you have few users but what if you have 10,000+
> users in different huntgroups? You need to add all of them on its
> own group dn.
>
> Is there any other way of doing this? Like checking the radiusHuntgroupName
> attribute then compare if it matches on the huntgroups file.
>
> Is there anything I miss here?
>
> Thanks for the time.
>
> regards,
>
> Ron
>

Check the groupmembership_attribute in doc/rlm_ldap. You should just add a
group membership attribute in the user entries with the name or DN of the
group the user belongs to.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
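
The approach suggested in the reply above, laid out as an added example that is not part of the original thread or of FreeRADIUS's own documentation. The group name, user DN and program path are taken from the question; using radiusGroupName as the membership attribute, and the radiusprofile objectClass that permits it, are assumptions.

```conf
# --- radiusd.conf: inside the existing ldap { } module section ---------
# Name of the attribute in the *user* entry that holds the name or DN of
# the group the user belongs to. radiusGroupName is an assumed choice;
# any attribute the user entries are allowed to carry can be used.
ldap {
        # ... existing server / basedn / filter settings stay unchanged ...
        groupmembership_attribute = radiusGroupName
}

# --- LDIF (apply with ldapmodify): membership stored on the user -------
# One attribute per user entry replaces the per-group uniqueMember list.
# The entry must have an objectClass that allows the attribute
# (assumed here: radiusprofile).
dn: uid=arise,ou=People,dc=foo,dc=com
changetype: modify
add: radiusGroupName
radiusGroupName: testing

# --- users file: match on LDAP group membership ------------------------
# Ldap-Group is evaluated by rlm_ldap against the directory, unlike
# Huntgroup-Name, which is matched against NAS IP addresses and ports.
DEFAULT Ldap-Group == "testing"
        Exec-Program-Wait = "/usr/local/sbin/testing %u %n %p",
        Fall-Through = Yes
```

Because membership now lives in the user entry, the directory ACLs should not let users write radiusGroupName on their own entries.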