On Fri, 2 Jul 2004, Alan DeKok wrote:

> Lew A <[EMAIL PROTECTED]> wrote:
> > To do this I had to set up some xlat functions, but we're having a problem.
> > If, say, we have a customer tester, he doesn't have any static assignments,
> > but he decided to connect to us with a P, it would return a static
> > assignment of 255.255.255.255 (basically a null response from LDAP). Which
> > gets the user connected, but they can't do anything (obviously). We're
> > trying to avoid this.
>
>   My suggestion would be to put the users into groups, and reject them
> if they're not doing the right thing.
>
>   e.g.
>
> DEFAULT Prefix == "P", Group != "allowed_to_use_p", Auth-Type := Reject
>         Reply-Message = "Go away"
>
Not sure that'll work. If I have a customer with 1 static IP (P) and a subnet assignment (S), they will be able to connect with P and S, but not Q. We're only using LDAP as the backend database, so I guess I'd have to use Ldap-Group, but that doesn't let me have more than one 'allowed_to_use_X' value. So <customer> would only be able to use P or Q or S (exclusively), but not any combination of them (inclusively).

Thank you,
Lew A
GWI Operations.