I know this question has been asked many times before. I have searched the archives and I have tried what I've found there, but I can't seem to get this working.
RedHat EL 4 (managed through RHN, so latest available versions)
freeradius-1.0.1-3
openldap-2.2.13-6

I have 4 NAS-IP-Addresses. My users are split into 6 groups (some are in multiple groups): public, faculty, staff, student, vpn, and admin. I would like the users to get access to the NAS by virtue of being in a group.

192.168.1.1                  admin
192.168.1.2                  vpn
192.168.1.3 & 192.168.1.4    faculty, staff, student & public

What steps do I need to follow to implement this? I have tried many combinations in "huntgroups", "users", and "radiusd.conf".

Any directions or urls to documentation would be appreciated.

Thank you.

--
Karen R. McArthur <[EMAIL PROTECTED]>
Systems Administrator
Information and Library Services, Bates College
Lewiston, Maine 04240 USA
ph:(207)786-8236 fax:(207)786-6057

*****some ldif output******

dn: uid=user1,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: staff
radiusGroupName: vpn
radiusGroupName: admin

dn: uid=user2,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: student

dn: uid=user3,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: faculty
radiusGroupName: vpn

dn: cn=vpn,ou=ldap-auth,dc=example,dc=com
objectClass: groupOfNames
cn: vpn
member: uid=user1,ou=People,dc=example,dc=com
member: uid=user3,ou=People,dc=example,dc=com

dn: cn=vpn,ou=profiles,ou=radius,ou=services,dc=example,dc=com
objectClass: radiusprofile
cn: vpn
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None

*********** radiusd.conf ************

ldap {
        server = "ldap.example.com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        basedn = "ou=People,dc=example,dc=com"
        identity = "cn=lnxproxy,ou=LDAPauth,dc=example,dc=com"
        password = itsasecret
        start_tls = no
        tls_cacertfile = /usr/share/ssl/certs/ca-cert.pem
        tls_cacertdir = /usr/share/ssl/certs/
        tls_certfile = /usr/share/ssl/certs/cert.pem
        tls_keyfile = /usr/share/ssl/certs/key.pem
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        groupname_attribute = cn
        groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{ Ldap-UserDn}))"
        groupmembership_attribute = radiusGroupName
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

***** users *****

DEFAULT Auth-Type = LDAP
        Fall-Through = 1

DEFAULT Ldap-Group == "cn=vpn,ou=ldap-auth,dc=example,dc=com", Fall-Through = no

********** huntgroups **********

admin   NAS-IP-Address == 192.168.1.1
        Session-Timeout = 60,
        Idle-Timeout = 30,
        Ldap-Group = admin

public  NAS-IP-Address == 192.168.1.3
        NAS-IP-Address == 192.168.1.4,
        Idle-Timeout = 3600,
        Ldap-Group = public,
        Ldap-Group = faculty,
        Ldap-Group = staff,
        Ldap-Group = student

vpn     NAS-IP-Address == 192.168.1.2

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
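
The access policy described in the message, written as a small reference checker that can be used to state the expected accept/reject result for each user and NAS before testing a server configuration. This is an added example, not part of the original post and not FreeRADIUS code; the names NAS_GROUPS, parse_groups and is_allowed are hypothetical, and the assumed rule is that a user is accepted on a NAS only if one of the user's radiusGroupName values is listed for that NAS, with everything else denied.

```python
from collections import defaultdict

# NAS-IP-Address -> groups allowed on that NAS, as listed in the message.
COMMON = {"faculty", "staff", "student", "public"}
NAS_GROUPS = {
    "192.168.1.1": {"admin"},
    "192.168.1.2": {"vpn"},
    "192.168.1.3": COMMON,
    "192.168.1.4": COMMON,
}

# User entries copied from the LDIF output in the message.
LDIF = """\
dn: uid=user1,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: staff
radiusGroupName: vpn
radiusGroupName: admin

dn: uid=user2,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: student

dn: uid=user3,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: faculty
radiusGroupName: vpn
"""

def parse_groups(ldif):
    """Return {uid: set of radiusGroupName values} from simple, unfolded LDIF."""
    groups = defaultdict(set)
    uid = None
    for line in ldif.splitlines():
        if not line.strip():          # a blank line ends the current entry
            uid = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            # Only entries whose first RDN is uid=<name> are treated as users.
            key, _, name = value.split(",", 1)[0].partition("=")
            uid = name if key.lower() == "uid" else None
        elif attr == "radiusgroupname" and uid is not None:
            groups[uid].add(value.lower())
    return dict(groups)

def is_allowed(uid, nas_ip, user_groups):
    """Default deny: an unknown NAS or an unknown user matches no group."""
    return bool(NAS_GROUPS.get(nas_ip, set()) & user_groups.get(uid, set()))

USER_GROUPS = parse_groups(LDIF)
```
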