Thanks. I have to leave, but the last quick test I did with your advice gave me bad results. See you tomorrow.

Using radtest, I don't get any IP, and there is very little doc about ippool and the way it works. I suppose that the NAS is completely relying on radius for IP delivery. I'm wondering what happens in case of failure of the main radius server.

Dom

Dustin Doris wrote:

>> Hello all,
>>
>> I've spent quite a long time trying to understand how freeradius works and trying to get everything I want working. I have been using OpenLDAP since 2001 and I have no problem understanding LDAP, as I have written many programs around LDAP. In fact I don't understand how groups work under radius.
>>
>> My aim: I would like to distribute different IP pools to users.
>>
>> The best for me: in the user's DN, we already have an attribute for a laboratory, i.e. u2labo. I would like to say:
>>
>> 1. authenticate the user in ldap (works ok)
>> 2. get the attribute u2labo
>> 3. use that value to get the IP range (somewhere, even outside ldap (users)) to distribute the IP.
>>
>> I've tried many configurations without success. The ldap debugging shows me just a successful bind, without a search for groups. I tried to add the radiusprofile objectclass without success.
>>
>> So what is the meaning of groups in radius? Can we say: user fred, attributes XXX, member of group test; group test, the rest of the attributes.
>>
>> Could you give me the minimum to set in the conf files to get it working?
>>
>> Thanks
>> Dom
>
> You can modify the groupname attribute to be the lab attribute and then use that to hand out the pools.
>
> So in radiusd.conf, in the ldap section, change groupname_attribute to
>
>     groupname_attribute = laboratory
>
> (or whatever that attribute name is).
>
> Then you create an ippool config for each lab. Say you have one called u2labo and one called u3labo.
>
>     ippool u2labo {
>         configure this...
>     }
>
>     ippool u3labo {
>         configure this...
>     }
>
> Then in the users file, you add something like this:
>
>     DEFAULT Ldap-Group == u2labo, Pool-Name := "u2labo"
>             Fall-Through = no
>
>     DEFAULT Ldap-Group == u3labo, Pool-Name := "u3labo"
>             Fall-Through = no
>
> I think that should do it.
>
> -Dusty Doris
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Dominique LALOT
Systems and Network Engineer
CISCAM Pole Réseau
Université de la Méditerranée
http://annuaire.univ-mrs.fr/showuser.php?uid=lalot