> Hello all,
>
> I've spent quite a long time trying to understand how FreeRADIUS works
> and trying to get everything I want working.
> I have been using OpenLDAP since 2001 and I have no problem understanding
> LDAP, as I have written many programs around LDAP. In fact, I don't
> understand how groups work under RADIUS.
>
> My aim: I would like to distribute different IP pools for users.
>
> The best for me: In the user's DN, we already have an attribute for a
> laboratory, i.e. u2labo.
> I would like to say:
> 1. Authenticate the user in LDAP (works OK)
> 2. Get the attribute u2labo
> 3. Use that value to get the IP range (somewhere even outside LDAP
> (users)) to distribute the IP.
>
> I've tried many configurations without success. The LDAP debugging
> shows me just a successful bind without a search for groups. I tried to
> add the radiusprofile objectClass without success. So what is the meaning
> of groups in RADIUS?
> Can we say:
> user fred  attributes XXX member of group test
> group test the rest of attributes.
>
> Could you give me the minimum to set in conf files to get it working?
>
> Thanks
>
> Dom
>

You can modify the groupname attribute to be the lab attribute and then
use that to hand out the pools.

So in radiusd.conf in the ldap section, change groupname_attribute to
groupname_attribute = laboratory (or whatever that attribute name is)

Then you create an ippool config for each lab.  Say you have one called
u2labo and one called u3labo.

ippool u2labo {
  configure this...
}

ippool u3labo {
  configure this...
}

Then in the users file, you add something like this

DEFAULT Ldap-Group == u2labo, Pool-Name := "u2labo"
        Fall-Through = no

DEFAULT Ldap-Group == u3labo, Pool-Name := "u3labo"
        Fall-Through = no


I think that should do it.

-Dusty Doris
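
An added example, not part of the original reply: one way the per-lab ippool instances could be filled in and wired up, assuming the FreeRADIUS 1.x rlm_ippool options from the stock radiusd.conf. The address ranges and db file names are constructed; the instance names match the Pool-Name values used in the users file above.

```conf
# radiusd.conf fragment (added example; FreeRADIUS 1.x syntax assumed)
modules {
    # One ippool instance per laboratory. The instance name is what
    # Pool-Name in the users file selects.
    ippool u2labo {
        range-start = 10.2.0.10         # constructed sample range
        range-stop = 10.2.0.250
        netmask = 255.255.255.0
        cache-size = 241                # number of addresses in the range
        # Separate db files for each pool (file names are an assumption)
        session-db = ${raddbdir}/db.ippool-u2labo
        ip-index = ${raddbdir}/db.ipindex-u2labo
        override = no                   # keep a Framed-IP-Address already set
        maximum-timeout = 0             # 0 = no time limit on an allocation
    }

    ippool u3labo {
        range-start = 10.3.0.10         # constructed sample range
        range-stop = 10.3.0.250
        netmask = 255.255.255.0
        cache-size = 241
        session-db = ${raddbdir}/db.ippool-u3labo
        ip-index = ${raddbdir}/db.ipindex-u3labo
        override = no
        maximum-timeout = 0
    }
}

# The pools hand out an address in post-auth and release it when an
# accounting Stop arrives, so each instance is listed in both sections.
accounting {
    u2labo
    u3labo
}

post-auth {
    u2labo
    u3labo
}
```

Keeping each lab on its own non-overlapping range also lets downstream firewall rules be written per laboratory subnet.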

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
