UNCLASSIFIED
> -----Original Message-----
> From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Giovanni Lovato
> Sent: Saturday, 1 March 2008 11:23
> To: FreeRadius users mailing list
> Subject: Reply-Items in Ldap-Group
>
> I wish to assign various Reply-Items to a group defined in LDAP, and
> then configure FreeRADIUS to fetch those Reply-Items whenever a user
> belonging to that group authenticates. Is that possible?
>
> Thank you!
>

You can use an indirect method:

In users you can specify:

    DEFAULT Ldap-Group == "netops", User-Profile:='cn=netops,ou=profiles,dc=example'

In ldap:

    dn: cn=netops,ou=Profiles,dc=example
    objectClass: radiusprofile
    objectClass: applicationProcess
    objectClass: top
    cn: netops
    description: Profile for all devices for netops users
    radiusReplyItem: Passport-Customer-Identifier = 0
    radiusReplyItem: Passport-Command-Scope = network
    radiusReplyItem: Passport-Allowed-Access = telnet
    radiusReplyItem: Passport-Allowed-Access += ftp
    radiusReplyItem: Passport-Allowed-Access += fmip
    radiusReplyItem: Passport-Allowed-Access += local
    radiusReplyItem: Passport-Login-Directory = /
    radiusReplyItem: Passport-Timeout-Protocol = enabled
    radiusReplyItem: Passport-AllowedOut-Access = telnet
    radiusReplyItem: Reply-Message := "Hello Network Administrator."
    radiusReplyItem: Passport-Command-Impact = configuration
    radiusReplyItem: Access-Level = RW
    radiusServiceType: Administrative-User

Of course, the group record itself can be the profile. In my case, groups are defined using the radiusgroupname attribute in the users record. If you are using groupofnames then you could do:

    DEFAULT Ldap-Group == "netops", User-Profile:='cn=netops,ou=groups,dc=example'

Regards,
Frank Ranner
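Added example, not part of the original message and not FreeRADIUS code: a small Python check that expands a profile entry like the one in the reply into its effective reply list, applying the =, := and += operators as the users-file documentation describes them (= adds only if absent, := replaces, += appends), and lists the privileged grants for review. The sample LDIF is constructed from the message; the radiusServiceType to Service-Type mapping with operator = and the PRIVILEGED policy set are assumptions.

```python
import re

# Constructed sample: a shortened copy of the profile entry from the message.
SAMPLE_LDIF = """\
dn: cn=netops,ou=Profiles,dc=example
objectClass: radiusprofile
cn: netops
radiusReplyItem: Passport-Allowed-Access = telnet
radiusReplyItem: Passport-Allowed-Access += ftp
radiusReplyItem: Passport-Allowed-Access += local
radiusReplyItem: Reply-Message := "Hello Network Administrator."
radiusReplyItem: Access-Level = RW
radiusServiceType: Administrative-User
"""

# Assumption: the LDAP attribute map sends radiusServiceType to Service-Type.
MAPPED = {"radiusservicetype": "Service-Type"}
# Hypothetical review policy: attribute/value pairs treated as privileged.
PRIVILEGED = {("Service-Type", "Administrative-User"), ("Access-Level", "RW")}
ITEM = re.compile(r'^\s*([\w-]+)\s*(\+=|:=|=)\s*(.+?)\s*$')

def effective_reply(ldif):
    """Return the ordered (attribute, value) reply pairs one profile yields."""
    reply = []
    for line in ldif.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "radiusreplyitem":
            m = ITEM.match(value)
            if not m:
                raise ValueError(f"unparseable reply item: {value!r}")
            attr, op, val = m.group(1), m.group(2), m.group(3).strip('"')
        elif key in MAPPED:
            attr, op, val = MAPPED[key], "=", value
        else:
            continue  # dn, objectClass, cn, description, ...
        if op == ":=":  # replace every existing instance of the attribute
            reply = [(a, v) for a, v in reply if a != attr] + [(attr, val)]
        elif op == "+=" or all(a != attr for a, _ in reply):
            reply.append((attr, val))  # '+=' appends; '=' only when absent
    return reply

def privileged_grants(ldif):
    """List the reply pairs in a profile that the review policy flags."""
    return [pair for pair in effective_reply(ldif) if pair in PRIVILEGED]
```

Running privileged_grants over each profile that a DEFAULT Ldap-Group entry points at shows which LDAP groups end up with administrative reply attributes.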