many many thanks, it is very useful

but there is one thing left, i would be very grateful if you can help me
with it

i have two different isdn types: isdn 64k (simultaneous-use=1) and isdn 128k
(simultaneous-use=2)

if i define it by nas-port-type in the users file, i won't be able to
differentiate between users: isdn64 and isdn128

besides, in the rare case that a user wants to use the same username and
password pair with say 30 connections (simultaneous-use=30), how will i be
able to define a SPECIAL case like that?? should i create a new
group for him too?? and how should i define that group in the users file??

Thank you so much for your help
best regards

ossama
----- Original Message -----
From: "Dustin Doris" <[EMAIL PROTECTED]>
To: "freeradius-users" <[EMAIL PROTECTED]>
Sent: Thursday, September 25, 2003 7:02 PM
Subject: Re: ldap authentication / simultenious-use


>
>
> On Thu, 25 Sep 2003, Ossama Suleiman wrote:
>
> > dear all,
> >
> >     while authenticating against ldap i enabled compare_check_items
> > = yes, because i wanted to use nas-port-type based authentication, because
> > i have two kinds of users, analog and ISDN, in order to prevent analog
> > users from using ISDN services
> > which is working fine now
> >
> >     but the problem i faced is in simultaneous-use, as it is a check item
> > too, if the radius doesn't receive it while authenticating the user, the
> > user gets rejected
> >
> >     besides, i want to use simultaneous-use to differentiate between
> > isdn64K and isdn 128K
> >
> > any help??
> >
> > thanks and best regards
> >
> > ossama
> >
>
> You could try using Groups instead.
>
> in your ldap directory, say you have a user named test that has async
> access and test1 that has isdn access
>
> dn: uid=test,ou=users,ou=radius,dc=mydomain,dc=com
> objectclass:  radiusprofile
> uid:  test
> radiusgroupname:  dial
>
> dn: uid=test1,ou=users,ou=radius,dc=mydomain,dc=com
> objectclass:  radiusprofile
> uid:  test1
> radiusgroupname:  isdn
>
> Then in your users file you have
>
> DEFAULT NAS-Port-Type == ISDN, Ldap-Group == isdn
>    Fall-Through = no
>
> DEFAULT NAS-Port-Type == Async, Ldap-Group == dial
>    Fall-Through = no
>
> DEFAULT Auth-Type := Reject
>    Reply-Message = "Please call ...."
>
> Then in radiusd.conf in your ldap section, you define the attribute that
> corresponds to ldap-group.
>
> groupmembership_attribute = radiusGroupName
>
> Here is what happens.
>
> User dials in and hits radius server with NAS-Port-Type = Async.  Radius
> will lookup the user in the ldap directory and look for the attribute
> radiusGroupName = dial.  If the user has that particular attribute set, it
> will authorize the user.  If not, then it will fall through to Reject.
> The same with the isdn users when they connect.
>
> If the users are able to have access to both, then include both
> radiusGroupName entries.
>
> i.e.
>
> dn: uid=test2,ou=users,ou=radius,dc=mydomain,dc=com
> objectclass:  radiusprofile
> uid:  test2
> radiusgroupname: isdn
> radiusgroupname: dial
>
>
> Hope that is helpful.
>
> Dustin Doris
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
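
The following users-file fragment is an added example, not part of the original messages. It extends the quoted group approach to per-group session limits. The group names isdn-bulk30, isdn128 and isdn64 are constructed for illustration; the thread itself only uses isdn and dial.

```text
# Added example. Group names isdn-bulk30, isdn128 and isdn64 are assumptions;
# each user gets the matching radiusGroupName value in the LDAP directory.
#
# Entries are tried top to bottom, and the first match with
# Fall-Through = no ends the search, so the special case goes first.
# ":=" sets Simultaneous-Use as a limit for the user instead of
# comparing it against an attribute in the Access-Request.

DEFAULT NAS-Port-Type == ISDN, Ldap-Group == "isdn-bulk30", Simultaneous-Use := 30
        Fall-Through = no

DEFAULT NAS-Port-Type == ISDN, Ldap-Group == "isdn128", Simultaneous-Use := 2
        Fall-Through = no

DEFAULT NAS-Port-Type == ISDN, Ldap-Group == "isdn64", Simultaneous-Use := 1
        Fall-Through = no

DEFAULT NAS-Port-Type == Async, Ldap-Group == "dial"
        Fall-Through = no

# Anything that matched no group above (for example an analog-only
# account arriving on an ISDN port) is rejected.
DEFAULT Auth-Type := Reject
        Reply-Message = "Please call ...."
```

Simultaneous-Use is only enforced when session tracking is enabled in radiusd.conf (for example radutmp in the accounting and session sections), since the server needs a record of active sessions to count against the limit.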
