I need to allow users from a wireless access point by MAC address (it comes
as a userid) and then, if the MAC address is not defined in the users file, to
check their userid/password against an LDAP database.  I now have an
additional requirement that I need to check the values of an
attribute in the LDAP database.

I have it working fine checking the MAC address, then if it's not defined
in the local users file, rejecting access if the userid is in the form of
a MAC address (12 hex digits), then if it's not a MAC address checking
the userid/password against LDAP.

I can't get the attribute value checking to work.  I've tried mapping the
attribute in the ldap.attrmap file,

checkItem       WirelessStatus                  WirelessStatus

and checking the value in the users file.  I'm not getting that to work.

I also tried adding the attribute in the LDAP filter in radiusd.conf
(as a long shot), then nothing in LDAP works

                filter = "(&(cn=%{User-Name})(WirelessStatus=ACTV))"

with

                filter = "(cn=%{User-Name})"

being the working line just doing userid/password checking.

I was hoping someone might have some suggestions.  Is the users file
the place to do this, and I just need to get my syntax working, or, since
the users file is checked and then falls through to LDAP, is it out of the
picture at that point?

-- 
Hans K. Fiedler                         Information Technology
Network Analyst                         Communications Services
[EMAIL PROTECTED]              University of Louisville
                                        Louisville, Ky. 40292

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
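
The decision order described in the post above (local MAC entry, reject unlisted MAC-shaped userids, then LDAP with the combined `cn`/`WirelessStatus=ACTV` filter), as an added example that is not part of the original message and is not FreeRADIUS code or configuration. It is a stand-alone Python model: the MAC list, directory entries, passwords, the `userPassword` key and all function names are constructed for illustration, and escaping the user name before it goes into the filter is an assumption of the model.

```python
import hmac, re

# Constructed sample data (not from the post).
LOCAL_MACS = {"00a0c9112233"}          # stands in for the local users file
DIRECTORY = [                          # stands in for the LDAP directory
    {"cn": "alice", "userPassword": "s3cret", "WirelessStatus": "ACTV"},
    {"cn": "bob", "userPassword": "hunter2", "WirelessStatus": "SUSP"},
    {"cn": "carol", "userPassword": "pw"},   # attribute not set at all
]
MAC_RE = re.compile(r"[0-9A-Fa-f]{12}")
TERM_RE = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\]|\\[0-9A-Fa-f]{2})*)\)")

def ldap_escape(value):
    """Escape filter metacharacters in a value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(user_name):
    """The combined filter from the post, with the user name escaped."""
    return "(&(cn=%s)(WirelessStatus=ACTV))" % ldap_escape(user_name)

def search(flt):
    """Evaluate an AND of equality terms against DIRECTORY."""
    terms = [(a, re.sub(r"\\([0-9A-Fa-f]{2})",
                        lambda m: chr(int(m.group(1), 16)), v))
             for a, v in TERM_RE.findall(flt)]
    return [e for e in DIRECTORY
            if all(e.get(a, "").lower() == v.lower() for a, v in terms)]

def authorize(user_name, password):
    """Return (decision, reason) in the order the post describes."""
    if user_name.lower() in LOCAL_MACS:
        return ("accept", "MAC listed locally")
    if MAC_RE.fullmatch(user_name):
        return ("reject", "unlisted MAC")
    hits = search(build_filter(user_name))
    if len(hits) != 1:
        return ("reject", "no entry with WirelessStatus=ACTV")
    if not hmac.compare_digest(hits[0]["userPassword"].encode(), password.encode()):
        return ("reject", "bad password")
    return ("accept", "LDAP user, status ACTV")

if __name__ == "__main__":
    for user, pw in [("00A0C9112233", ""), ("00a0c9ffffff", ""),
                     ("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pw")]:
        print(user, authorize(user, pw))
```

In this model an entry whose `WirelessStatus` is missing or not `ACTV` never reaches the password check, because the combined filter returns no entry for it.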
