Message: 6
Date: Thu, 11 Oct 2007 21:13:21 +0100
From: <[EMAIL PROTECTED]>
Subject: Re: Problem with LDAP and Groups
To: "FreeRadius users mailing list"
<freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2
If I change the fall through to yes it still matches as many groups as the user
is in. How can I tell freeradius which attributes to send back?
If you want to send sets of attributes according to the NAS user is
trying to log into use huntgroups.
For example, bevege is a member of the following groups, packetshapper, cisco_priv_15, cisco_priv_1, linux.
Your group allocation is wrong. You can't have the same user(name) on
the same device having priv levels 1 and 15. Pick one. Or have him log
in as [EMAIL PROTECTED] and [EMAIL PROTECTED] and use realms to allocate
correct set
of attributes.
Ivan Kalik
Kalik Informatika ISP
Could you please explain a bit more. From what I understand you cannot
use Huntgroups to lookup what group a user is in. I only uses /etc/group
/etc/password. What I would like to do is this. User bevege logs in from
Cisco router. Have the users file somehow detect that the request has
come from a cisco router (by IP I would guess) then validate that the
user is in the correct group and then pass back the specific attributes
just for the cisco. Same thing for packetshapper etc.
Thanks,
Bryan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
