On Thu, 25 Sep 2003, Ossama Suleiman wrote:
> dear all, > > while authenticationg against ldap i enabled the compare_check_items > = yes, cause i wanted to use nas-port-type based authentication, because > i have to kinds of users, analog and ISDN, in order to prevent analog > users from using ISDN services > which is working fine now > > but the problem i faced is in simultenous-use, as it is a check item > too, if the radius don't receive it while authenticating the user, the > user get's rejected > > beside i want to use simultenous-use to differentiate between > isdn64K and isdn 128K > > any help?? > > thanks and best regards > > ossama > You could try using Groups instead. in your ldap directory, say you have a user named test that has async access and test1 that has isdn access dn: uid=test,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: test radiusgroupname: dial dn: uid=test1,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: test radiusgroupname: isdn Then in your users file you have DEFAULT NAS-Port-Type == ISDN, Ldap-Group == isdn Fall-Through = no DEFAULT NAS-Port-TYpe == Async, Ldap-Group == dial Fall-Through = no DEFAULT Auth-Type := Reject Reply-Message = "Please call ...." Then in radiusd.conf in your ldap section, you define the attribute that corresponds to ldap-group. groupmembership_attribute = radiusGroupName Here is what happens. User dials in and hits radius server with NAS-Port-Type = Async. Radius will lookup the user in the ldap directory and look for the attribute radiusGroupName = dial. If the user has that particular attribute set, it will authorize the user. If not, then it will fall through to Reject. The same with the isdn users when they connect. If the users are able to have access to both, then include both radiusGroupName entries. ie. dn: uid=test2,ou=users,ou=radius,dc=mydomain,dc=com objectclass: radiusprofile uid: test radiusgroupname: isdn radiusgroupname: dial Hope that is helpful. Dustin Doris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
