Yes, I do. Thanks!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Mitchell
Sent: Wednesday, April 27, 2005 8:00 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Client-specific ldap instances.

Zawacki Jason D Contr AFRL/IFOS wrote:
> Hello all.
>
> I'm trying to get ldap instances working on a per client basis. For
> example, any authentication requests coming from host example1 should be
> authenticated using the ldap example1 instance, and example2 should be
> auth'd using the ldap example2 instance. Maybe I've been staring at
> this for too long, but I just can't see how this is done. I've looked
> at modifying the users and the clients file and just cannot figure it
> out. The ldap username/password lookups work just fine. I'm hoping
> that there is an easy answer that I'm oblivious to at this time. My
> intent is to use different AD groups to authenticate users from
> different hosts and/or services, without having to run different radius
> servers.
>
> Thanks, in advance, for any help!
> Jason

Hi Jason,

I think the easiest way to do what you want is to:

1) Define multiple ldap instances in the modules section of
   radiusd.conf, eg

       ldap ldap_client1 {
       }
       ldap ldap_client2 {
       }

2) In the authorize section of radiusd.conf, do something like:

       Autz-Type LDAP1 {
           ldap_client1
       }
       Autz-Type LDAP2 {
           ldap_client2
       }

3) Then in the users file:

       DEFAULT Client-IP-Address == x.x.x.1, Autz-Type := LDAP1
       DEFAULT Client-IP-Address == x.x.x.2, Autz-Type := LDAP2

I think you could also do a similar thing for the Auth-Type if you
authenticate against LDAP also.

Hope you get the idea...

cheers,
Mike

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html