Re:- Authenticating user with FDS

2006-07-13 Thread Hariharan R


Yes, that method is working fine.

Thank you very much for your help.


Hariharan R wrote:

Hi all,

 I am using FreeRADIUS 1.1.1 with Fedora Directory Server as a backend
data store.

 Let us consider the scenario.

 I have two servers: one is a mail server and the other is a proxy
server. Both servers are configured to use RADIUS+FDS for user
authentication. In FDS I have two organizational units under the root domain.

For example:
 ou=mailusers,dc=example,dc=com
 ou=proxyusers,dc=example,dc=com

 In the 'raddb/radiusd.conf' file I specified the base domain as
 (in the LDAP module)

 basedn = dc=example,dc=com

 So whenever a client request comes to the RADIUS server, it will look
for the username in FDS.

 The problem is how RADIUS will identify whether the request
comes from the 'mail server' or from the 'proxy server', because for
mail server users I have to look in ou=mailusers,dc=example,dc=com
and for proxy users I have to look in
ou=proxyusers,dc=example,dc=com.


Try this:

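/etc/raddb/huntgroups:

# Group names match the OU names, because the name is substituted into basedn.
mailusers    NAS-IP-Address == the.mail.server.ip
proxyusers   NAS-IP-Address == the.proxy.server.ip

/etc/radiusd.conf:

modules {
  ldap {
   # Huntgroup-Name expands to the group matched in huntgroups.
   basedn = ou=%{Huntgroup-Name},dc=example,dc=com
  }
}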



How can I change the LDAP basedn according to the request?


Use any string expansion you like, as above.

---
Regards,
Hariharan.R
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
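
A way to check this huntgroup-to-basedn mapping before deploying it, as an added example that is not part of the original thread: it parses huntgroups entries of the form shown above, expands the basedn template for a given NAS address, and returns no base DN for a NAS that has no entry. The sample addresses, the KNOWN_OUS set and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input (not from the thread): huntgroups entries in the
# "name  NAS-IP-Address == ip" form, using documentation-range addresses.
HUNTGROUPS = """\
# group      match
mailusers    NAS-IP-Address == 192.0.2.10
proxyusers   NAS-IP-Address == 192.0.2.20
"""
BASEDN_TEMPLATE = "ou=%{Huntgroup-Name},dc=example,dc=com"
# OUs that exist in the directory, taken from the question.
KNOWN_OUS = {"ou=mailusers,dc=example,dc=com", "ou=proxyusers,dc=example,dc=com"}

LINE = re.compile(r"^(\S+)\s+NAS-IP-Address\s*==\s*(\S+)\s*$")


def parse_huntgroups(text):
    """Return {ip_address: group_name} for NAS-IP-Address entries."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            # Only the single-condition form used in the thread is handled.
            raise ValueError(f"unsupported huntgroups line: {raw!r}")
        table[ipaddress.ip_address(m.group(2))] = m.group(1)
    return table


def basedn_for(nas_ip, table):
    """Expand the template for one NAS; None means reject (no entry)."""
    group = table.get(ipaddress.ip_address(nas_ip))
    if group is None:
        return None  # fail closed: never fall back to the directory root
    dn = BASEDN_TEMPLATE.replace("%{Huntgroup-Name}", group)
    if dn not in KNOWN_OUS:
        # Catches a group name that does not match any OU name.
        raise ValueError(f"huntgroup {group!r} expands to unknown base DN {dn!r}")
    return dn
```
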


Authenticating user with FDS

2006-07-11 Thread Hariharan R

Hi all,

 I am using FreeRADIUS 1.1.1 with Fedora Directory Server as a backend data
store.

 Let us consider the scenario.

 I have two servers: one is a mail server and the other is a proxy
server. Both servers are configured to use RADIUS+FDS for user
authentication. In FDS I have two organizational units under the root domain.

For example:
 ou=mailusers,dc=example,dc=com
 ou=proxyusers,dc=example,dc=com

 In the 'raddb/radiusd.conf' file I specified the base domain as
 (in the LDAP module)

 basedn = dc=example,dc=com

 So whenever a client request comes to the RADIUS server, it will look for
the username in FDS.

 The problem is how RADIUS will identify whether the request
comes from the 'mail server' or from the 'proxy server', because for
mail server users I have to look in ou=mailusers,dc=example,dc=com
and for proxy users I have to look in ou=proxyusers,dc=example,dc=com.

How can I change the LDAP basedn according to the request?

 Could anyone please help me solve this problem?

 If you have some other method to achieve my objective, please let me know.

---
Regards,
Hariharan.R


Authentication by validating RADIUS attribute value

2006-07-08 Thread Hariharan R


Hi all,
 I am using FreeRADIUS 1.1.1 and Fedora Directory Server 7.2 as the LDAP
backend to store all the user information.

 I configured RADIUS to contact the LDAP server to authenticate user
requests.

 I have to implement the following requirement:

 For each user in the LDAP server I will set some value for the RADIUS
attribute, say, for example, Filter-ID = 100.

 If an authentication request comes to the RADIUS server, it will contact
the LDAP server; if the user is present in the LDAP server, RADIUS will
authenticate the user.

 What I want is to authenticate the user by validating the value
of the RADIUS attribute in the LDAP server. For example, if the Filter-ID is
100 for user 'jack', I have to authenticate. If 'jack' has Filter-ID
as 123, I should not authenticate.

 Do I have to call a script before authenticating a user?
 If so, how can I call it, and in which file do I have to define the
 entries?

 What are the various methods by which I can achieve the above?

 Could anyone please help me get rid of the problem?

 Thanks in advance.

Please give me the complete details.

---
Regards,
Hariharan.R