> Hello all,
>
> I've spent quite a long time trying to understand how freeradius works
> and trying to get everything I want working.
> I am using Openldap since 2001 and I've no problems to understand LDAP
> as I wrote many programs around LDAP. In fact I don't understand how
> groups are working under radius.
>
> My aim: I would like to distribute different IP pool for users.
>
> The best for me: In the users DN, we already have an attribute for a
> laboratory, ie u2labo
> I would like to say:
> 1. authenticate the user in ldap (works ok)
> 2. Get the attribute u2labo
> 3. use that value to get the ip range (somewhere even outside ldap
> (users)) to distribute the IP.
>
> I've tried many configurations without success. The debugging of ldap
> show me just bind successful without search for groups. I tried to
> add radiusprofile Objectclass without success. So what is the meaning
> of groups in radius?
> can we say:
> user fred attributes XXX member of group test
> group test the rest of attributes.
>
> Could you give me the minimum to set in conf files to get it working?
>
> Thanks
>
> Dom
>
You can modify the groupname attribute to be the lab attribute and then
use that to hand out the pools.

So in radiusd.conf in the ldap section, change groupname_attribute to

    groupname_attribute = laboratory

(or whatever that attribute name is)

Then you create an ippool config for each lab. Say you have one called
u2labo and one called u3labo.

    ippool u2labo {
        configure this...
    }

    ippool u3labo {
        configure this...
    }

Then in the users file, you add something like this

    DEFAULT Ldap-Group == u2labo, Pool-Name := "u2labo"
        Fall-Through = no

    DEFAULT Ldap-Group == u3labo, Pool-Name := "u3labo"
        Fall-Through = no

I think that should do it.

-Dusty Doris

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html