I know this question has been asked many times before.  I have searched
the archives and I have tried what I've found there, but I can't seem to
get this working.

RedHat EL 4 (managed through RHN, so latest available versions)
freeradius-1.0.1-3
openldap-2.2.13-6

I have 4 NAS-IP-Addresses.

My users are split into 6 groups (some are in multiple groups): public,
faculty, staff, student, vpn, and admin.

I would like users to be granted access to each NAS by virtue of being in
a group, as follows:

192.168.1.1
        admin
192.168.1.2
        vpn
192.168.1.3 & 192.168.1.4
        faculty, staff, student & public

What steps do I need to follow to implement this?  I have tried many
combinations in "huntgroups", "users", and "radiusd.conf".

Any directions or urls to documentation would be appreciated.

Thank you.
-- 
Karen R. McArthur <[EMAIL PROTECTED]>
Systems Administrator
Information and Library Services, Bates College
Lewiston, Maine 04240 USA
ph:(207)786-8236   fax:(207)786-6057

*****some ldif output******
        dn: uid=user1,ou=People,dc=example,dc=com
        objectClass: radiusprofile
        radiusGroupName: staff
        radiusGroupName: vpn
        radiusGroupName: admin

        dn: uid=user2,ou=People,dc=example,dc=com
        objectClass: radiusprofile
        radiusGroupName: student

        dn: uid=user3,ou=People,dc=example,dc=com
        objectClass: radiusprofile
        radiusGroupName: faculty
        radiusGroupName: vpn

        dn: cn=vpn,ou=ldap-auth,dc=example,dc=com
        objectClass: groupOfNames
        cn: vpn
        member: uid=user1,ou=People,dc=example,dc=com
        member: uid=user3,ou=People,dc=example,dc=com

        dn: cn=vpn,ou=profiles,ou=radius,ou=services,dc=example,dc=com
        objectClass: radiusprofile
        cn: vpn
        radiusServiceType: Framed-User
        radiusFramedProtocol: PPP
        radiusFramedIPNetmask: 255.255.255.0
        radiusFramedRouting: None

*********** radiusd.conf ************
# rlm_ldap instance: finds the user's entry under basedn, then resolves group
# membership so that Ldap-Group checks in the users file can be evaluated.
ldap {
        server = "ldap.example.com"
        # Looks the user up by uid, using Stripped-User-Name when it is set
        # and User-Name otherwise.
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        basedn = "ou=People,dc=example,dc=com"
        # Service account used for the searches. Its password sits in this
        # file in cleartext, so radiusd.conf should be readable only by the
        # account radiusd runs as.
        identity = "cn=lnxproxy,ou=LDAPauth,dc=example,dc=com"
        password = itsasecret
        # NOTE(review): with start_tls = no the tls_* settings below are not
        # used for StartTLS. Unless the link to ldap.example.com is protected
        # some other way, the bind password above and the user passwords
        # verified through Auth-Type LDAP cross the network unencrypted.
        # TODO confirm.
        start_tls = no
        tls_cacertfile = /usr/share/ssl/certs/ca-cert.pem
        tls_cacertdir = /usr/share/ssl/certs/
        tls_certfile = /usr/share/ssl/certs/cert.pem
        # NOTE(review): the private key is kept in the shared certs
        # directory; verify that the key file itself is not world-readable.
        tls_keyfile = /usr/share/ssl/certs/key.pem
        # Maps LDAP attributes (radiusServiceType, ...) to RADIUS attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        # Two membership sources are configured:
        #  - groupmembership_filter finds groupOfNames entries that list the
        #    user's DN as a member; groupname_attribute (cn) names the group.
        #  - groupmembership_attribute reads group names straight from the
        #    user's own entry (the radiusGroupName values in the LDIF above).
        # NOTE(review): the filter below is split across two lines, presumably
        # wrapped by the mail client; in radiusd.conf the quoted string should
        # sit on a single line.
        groupname_attribute = cn
        groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{
Ldap-UserDn}))"
        groupmembership_attribute = radiusGroupName
        # Limits on how long a request waits for LDAP (query, server-side
        # processing, network).
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

***** users *****
# First DEFAULT: selects LDAP authentication for every request.
# NOTE(review): Fall-Through is a reply item. In the users file, reply items
# go on the indented line(s) below the check-item line, so here it sits among
# the check items with no separating comma. Confirm it is parsed as intended.
DEFAULT Auth-Type = LDAP Fall-Through = 1
# Second DEFAULT: matches any user who is a member of the vpn group.
# NOTE(review): this entry has no Huntgroup-Name or NAS-IP-Address check, so
# it is not tied to 192.168.1.2, and nothing shown here rejects a user who
# fails the group test. Per-NAS restriction therefore needs an explicit reject
# for the "right NAS, wrong group" case. The trailing comma on the check line
# may also be rejected by the parser. Verify with radiusd -X.
DEFAULT Ldap-Group == "cn=vpn,ou=ldap-auth,dc=example,dc=com",
        Fall-Through = no

********** huntgroups **********
# huntgroups: each entry gives a name to the NAS selected by the check on its
# first line.
# NOTE(review): in the stock huntgroups format the indented lines restrict who
# may use the huntgroup, and are not reply attributes. Session-Timeout and
# Idle-Timeout are reply items that belong in the users file. Whether
# Ldap-Group is honoured here is not established by anything shown. Confirm
# before relying on this file to enforce group-based access.
admin NAS-IP-Address == 192.168.1.1
        Session-Timeout = 60,
        Idle-Timeout = 30,
        Ldap-Group = admin

# NOTE(review): this entry lists two NAS-IP-Address checks. If both must match
# the same request, the entry can never match; one entry per NAS with the same
# huntgroup name is the usual form. The first line also lacks the comma that
# the later lines use. TODO confirm.
public NAS-IP-Address == 192.168.1.3
        NAS-IP-Address == 192.168.1.4,
        Idle-Timeout = 3600,
        Ldap-Group = public,
        Ldap-Group = faculty,
        Ldap-Group = staff,
        Ldap-Group = student

# No restriction lines: this entry only names the NAS, so any group
# enforcement for 192.168.1.2 has to come from the users file.
vpn NAS-IP-Address == 192.168.1.2
- 