You'll still need to configure the ippool modules and include those in the accounting section and post-auth section. Forgot to include that in the last email. A radiusd -X will show you exactly what is going on. If it doesn't work, please post that to the list will all output.
ie: accounting { ... u2labo u3labo ... } post_auth { ... u2labo u3labo ... } On Wed, 17 Nov 2004, LALOT Dominique wrote: > Thanks, > > I have to leave, but the quick and last test I did with your advice, > gave me bad results. See tomorrow.. > Using radtest, I don't get any IP, and there is very little doc about > ippool and the way it works. > > I suppose that the NAS is completely relying on radius for IP delivery. > I'm wondering what happen in case of the failure of the main radius server. > > Dom > > Dustin Doris a écrit : > > >>Hello all, > >> > >>I've spent quite a long time trying to understand how freeradius works > >>and trying to get everything I want working. > >>I am using Openldap since 2001 and I've no problems to understand LDAP > >>as I wrote many programs around LDAP. In fact I don't understand how > >>groups are working under radius. > >> > >>My aim: I would like to distribute different IP pool for users. > >> > >>The best for me: In the users DN, we already have an attribute for a > >>laboratory, ie u2labo > >>I would like to say: > >>1. authenticate the user in ldap (works ok) > >>2. Get the attribute u2labo > >>3 use that value to get the ip range (somewhere even outside ldap > >>(users)) to distribute the IP. > >> > >>I've tried many configurations without success. The debugging of ldap > >>show me just bind successfull without search for groups. I tried to > >>add radiusprofile Objectclass without success. So what is the meaning > >>of groups in radius?. > >>can we say: > >>user fred attributes XXX member of group test > >>group test the rest of attributes. > >> > >>Could you give me the minimum to set in conf files to get it working? > >> > >>Thanks > >> > >>Dom > >> > >> > >> > > > >You can modify the groupname attribute to be the lab attribute and then > >use that to hand out the pools. > > > >So in radiusd.conf in the ldap section, change groupname_attribute to > >groupname_attribute = laboratory (or whatever that attribute name is) > > > >Then you create an ippool config for each lab. Say you have one called > >u2labo and one called u3labo. > > > >ipppol u2labo { > > configure this... > >} > > > >ipppol u3labo { > > configure this... > >} > > > >Then in the users file, you add something like this > > > >DEFAULT Ldap-Group == u2labo, Pool-Name := "u2labo" > > Fall-Through = no > > > >DEFAULT Ldap-Group == u3labo, Pool-Name := "u3labo" > > Fall-Through = no > > > > > >I think that should do it. > > > >-Dusty Doris > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > > > > > > > > > -- > Dominique LALOT > Ingénieur Système Réseau CISCAM Pole Réseau > Université de la Méditerranée > http://annuaire.univ-mrs.fr/showuser.php?uid=lalot > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html