-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Joyce
Sent: 30 November 2004 19:37
To: [EMAIL PROTECTED]
Subject: Hello, my first question
Hello all,

I am new to the list and new to Radius. Radius was set up prior to me. I am sure I will get a lot of help from here when the docs are not specific to my issue. I am using Sun One DS 5.2 as my authentication source and freeradius-0.8-1 on RH Linux. I did not extend the schema to include the radius object class. How can I properly deny certain users or groups from being able to dial in and establish PPP sessions? I am a little confused after reading http://www.freeradius.org/radiusd/doc/rlm_ldap and http://www.freeradius.org/faq/#5.2.

This is my users file -

stxlib  Password == "******"
        Service-Type == Login-User,
        Login-IP-Host == hostname,
        Login-Service == Telnet,
        Login-TCP-Port == 23

DEFAULT Auth-Type := LDAP, Prefix == "P", Strip-User-Name == Yes
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Session-Timeout := 14400,
        Idle-Timeout := 900,
        Fall-Through = Yes

and the portion of my radius.conf that I think is relevant -

modules {
        pam {
                # pam_auth = radiusd
                pam_auth = system-auth
        }

        ldap {
                server = "ahost"
                #port = 636
                port = 389
                # identity = "cn=admin,o=My Org,c=UA"
                # password = mypass
                basedn = "dc=uvi,dc=edu"
                filter = "(uid=%u)"

                # set this to 'yes' to use TLS encrypted connections
                # to the LDAP database.
                start_tls = no

                # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
                # profile_attribute = "radiusProfileDn"
                access_group = "cn=DialupUsers,ou=DialUsers,o=uvi.edu"
                #access_attr = "dialupAccess"

                # Mapping of RADIUS dictionary attributes to LDAP
                # directory attributes.
                #dictionary_mapping = ${raddbdir}/ldap.attrmap

                # ldap_cache_timeout = 120
                # ldap_cache_size = 0
                ldap_connections_number = 5

                # password_header = "{clear}"
                # password_attribute = userPassword

                # Next 2 lines uncommented 20 Mar 2003 -jrl
                groupname_attribute = cn
                groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # compare_check_items = yes
                # access_attr_used_for_allow = yes
        }

        # Livingston-style 'users' file
        #
        files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                compat = no
        }

        detail {
                detailfile = ${radacctdir}/%{Framed-IP-Address}/detail
                detailperm = 0600
        }

Thanks for your help

Wesley Joyce

"If you can't explain it simply, then you don't know it well enough." - Unknown

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
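The entries below are an added example of the usual answer to the question asked above; they are mine, not part of Wesley's message or of the FreeRADIUS documentation. They rely on the `Ldap-Group` check item that rlm_ldap provides once `groupname_attribute` and `groupmembership_filter` are configured, which the posted radius.conf already does. The group name `DialupDenied` and the user name `bsmith` are assumptions (the group has to exist under the configured `basedn` and match the posted `groupmembership_filter`); the `Reply-Message` text is arbitrary.

```text
# Added example entries for the FreeRADIUS 'users' file (not from the original post).
# Entries are tried in order and an entry without Fall-Through stops processing
# once it matches, so both deny entries must sit ABOVE the existing
# "DEFAULT Auth-Type := LDAP" entry; otherwise that entry is applied first.

# Deny one specific account. The name is matched against User-Name as the NAS
# sent it (any "P" prefix is only stripped by the later DEFAULT entry).
bsmith  Auth-Type := Reject
        Reply-Message = "Dial-in access has been disabled for this account"

# Deny everyone who is a member of the assumed LDAP group "DialupDenied".
# Ldap-Group is resolved by rlm_ldap using groupname_attribute (cn) and the
# posted groupmembership_filter, so the group entry must match that filter.
DEFAULT Ldap-Group == "DialupDenied", Auth-Type := Reject
        Reply-Message = "Dial-in access is not permitted for members of this group"

# The existing "DEFAULT Auth-Type := LDAP, Prefix == "P", ..." entry from the
# posted users file follows here unchanged; only users who matched neither
# deny entry reach it.
```

Before relying on this, test it: run the server in debug mode (`radiusd -X`) and send a request for a member of the denied group with `radtest`; the debug output should show the group lookup and an Access-Reject. Note also that `access_group` in the posted ldap block already restricts access to members of `cn=DialupUsers,ou=DialUsers,o=uvi.edu`, so a simpler alternative for group-level control is to leave that in place and remove users from that group rather than adding a second, denied group.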