Re: AW: AW: Grouping users and clients
Rascher, Markus wrote: >> No way to store huntgroups directives on LDAP or SQL? > > I worked out a sql scheme to store users and their privileges to access > certain services. > Then i told the radiusd to query a stored procedure on the db, instead > of the standard radcheck-table. In the stored procedure i did some > queries to find find out if the user should have access to the requested > service. > I don't know if this is possible in ldap too... I guess not. Or... # cat huntgroups ServiceAClient-IP-Address == 1.2.3.4 SQL-Group == ServiceA and... mysql> select * from radius.usergroup limit 1; ++-+---+ | id | UserName| GroupName | ++-+---+ | 65 | [EMAIL PROTECTED] | ServiceA | ++-+---+ and it just works. For LDAP, I think you will need LDAP-Group instead of SQL-Group in the huntgroups file. I'm not sure what it will look like in the LDAP schema, but I am pretty sure others are doing this. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: Grouping users and clients
> No way to store huntgroups directives on LDAP or SQL? I worked out a sql scheme to store users and their privileges to access certain services. Then i told the radiusd to query a stored procedure on the db, instead of the standard radcheck-table. In the stored procedure i did some queries to find find out if the user should have access to the requested service. I don't know if this is possible in ldap too... I guess not. Greez Markus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Grouping users and clients
[EMAIL PROTECTED] wrote: Groups of users - usergroup table (standard SQL schema) Groups of devices - huntgroups file No way to store huntgroups directives on LDAP or SQL? G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Grouping users and clients
Groups of users - usergroup table (standard SQL schema) Groups of devices - huntgroups file Ivan Kalik Kalik Informatika ISP Dana 24/5/2007, "Rascher, Markus" <[EMAIL PROTECTED]> piše: >Hi, > >I want to do the same, but with a sql-Database. Are there schemas for grouping >users and devices? > > > >-UrsprĂźngliche Nachricht- >Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Giovanni Lovato >Gesendet: Donnerstag, 24. Mai 2007 10:23 >An: FreeRadius users mailing list >Betreff: Re: Grouping users and clients > >Kostas Kalevras wrote: >> O/H Giovanni Lovato ÎÎłĎ�ÎąĎ�Îľ: >>> Hi all. >>> We have a set of Cisco routers and a pool of users in an LDAP >>> directory. At this time routers are configured to request >>> authentication to FreeRadius, which binds to LDAP and grants access to >>> user on successfully binding. >>> We need to create groups of routers and groups of users, granting >>> accesso to certain groups of routers only to certain groups of users. >>> Can we do that using FreeRadius? >> >> groups of routers = huntgroups >> ldap module provides functionality for group handling. > >Thank you, that is exactly what I mean :) >Can I also define huntgroups on LDAP? I see radiusNASIpAddress and >radiusHuntgroupName on Radius schema for LDAP. > >G.L. >-- >www.aldu.net/~heruan >[EMAIL PROTECTED] > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: Grouping users and clients
Hi, I want to do the same, but with a sql-Database. Are there schemas for grouping users and devices? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Giovanni Lovato Gesendet: Donnerstag, 24. Mai 2007 10:23 An: FreeRadius users mailing list Betreff: Re: Grouping users and clients Kostas Kalevras wrote: > O/H Giovanni Lovato έγραψε: >> Hi all. >> We have a set of Cisco routers and a pool of users in an LDAP >> directory. At this time routers are configured to request >> authentication to FreeRadius, which binds to LDAP and grants access to >> user on successfully binding. >> We need to create groups of routers and groups of users, granting >> accesso to certain groups of routers only to certain groups of users. >> Can we do that using FreeRadius? > > groups of routers = huntgroups > ldap module provides functionality for group handling. Thank you, that is exactly what I mean :) Can I also define huntgroups on LDAP? I see radiusNASIpAddress and radiusHuntgroupName on Radius schema for LDAP. G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html