Yes, I do.  Thanks! 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Mitchell
Sent: Wednesday, April 27, 2005 8:00 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Client-specific ldap instances.


Zawacki Jason D Contr AFRL/IFOS wrote:
 > Hello all.
 >
 > I'm trying to get ldap instances working on a per client basis.  For
 > example, any authentication requests coming from host example1 should be
 > authenticated using the ldap example1 instance, and example2 should be
 > auth'd using the ldap example2 instance.  Maybe I've been staring at
 > this for too long, but I just can't see how this is done.  I've looked
 > at modifying the users and the clients file and just cannot figure it
 > out.  The ldap username/password lookups work just fine.  I'm hoping
 > that there is an easy answer that I'm oblivious to at this time.  My
 > intent is to use different AD groups to authenticate users from
 > different hosts and/or services, without having to run different radius
 > servers.
 >
 > Thanks, in advance, for any help!
 > Jason


Hi Jason,

I think the easiest way to do what you want is to:

1) Define multiple ldap instances in the modules section of radiusd.conf, e.g.

        ldap ldap_client1 {
        }

        ldap ldap_client2 {
        }

2) In the authorize section of radiusd.conf, do something like:

        Autz-Type LDAP1 {
                ldap_client1
        }

        Autz-Type LDAP2 {
                ldap_client2
        }

3) Then in the users file:

        DEFAULT Client-IP-Address == x.x.x.1, Autz-Type := LDAP1

        DEFAULT Client-IP-Address == x.x.x.2, Autz-Type := LDAP2


I think you could also do a similar thing for the Auth-Type if you 
authenticate against LDAP also.

Hope you get the idea...

cheers,
Mike





- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
