Re: grouping services - LDAP
I've read the doc & do it exactly as suggested and it's working.. thanx!!

--haizam

----- Original Message -----
From: "Dusty Doris" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Wednesday, July 20, 2005 21:18
Subject: Re: grouping services - LDAP

On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:

Hi all,

Using Freeradius 1.0.4 (FB 4.11)

I want to grouping between dialup & adsl... refer to users file below by if Ldap-Group ==ADSL is found, should authenticate/authorize by "ldapadsl" and if not found, assuming dialup user and should authenticate/authorize by "ldap1/ldap2" (DIALUP)

But the problem, referring to debug log.. doesn't matter whether Ldap-Group=ADSL is found or not, it still check at both ldap1/ldap2 & ldapadsl i.e checking "adslAccess & dialAcess" attribute.

What I want is that.. If Ldap-Group ==ADSL is found, it should be handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when not found, it will be handled by "ldap1/ldap2" and not checking "ldapadsl"

anyone can help.?? thanks

Try using Autz Type as well, there is some documentation on it in the doc dir. It might look something like this.

DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL
DEFAULT Autz-Type := LDAP, Auth-Type := LDAP

#
authorize {
	Autz-Type LDAP {
		redundant {
			ldap1
			ldap2
		}
	}
	Autz-Type ADSL {
		ldapadsl
	}
}

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: grouping services - LDAP
On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:

> Hi all,
>
> Using Freeradius 1.0.4 (FB 4.11)
>
> I want to grouping between dialup & adsl... refer to users file below by
> if Ldap-Group ==ADSL is found, should authenticate/authorize by
> "ldapadsl" and if not found, assuming dialup user and should
> authenticate/authorize by "ldap1/ldap2" (DIALUP)
>
> But the problem, referring to debug log.. doesn't matter whether
> Ldap-Group=ADSL is found or not, it still check at both ldap1/ldap2 &
> ldapadsl i.e checking "adslAccess & dialAcess" attribute.
>
> What I want is that.. If Ldap-Group ==ADSL is found, it should be
> handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when
> not found, it will be handled by "ldap1/ldap2" and not checking
> "ldapadsl"
>
> anyone can help.?? thanks

Try using Autz Type as well, there is some documentation on it in the doc dir. It might look something like this.

DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL
DEFAULT Autz-Type := LDAP, Auth-Type := LDAP

#
authorize {
	Autz-Type LDAP {
		redundant {
			ldap1
			ldap2
		}
	}
	Autz-Type ADSL {
		ldapadsl
	}
}
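Added example, not part of the original thread and not FreeRADIUS code: a Python model of the routing proposed in the reply above, where the first matching users-file entry sets Autz-Type and only that sub-section's modules run, compared with the flat authorize section from the question. It assumes first-match semantics with no Fall-Through, supports only the Ldap-Group check item, and takes the user's groups as input instead of querying LDAP; `parse_users`, `match_entry` and `modules_run` are hypothetical names.

```python
import re

# users-file entries as suggested in the reply
USERS_FILE = '''\
DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL
DEFAULT Autz-Type := LDAP, Auth-Type := LDAP
'''

# authorize sub-sections from the reply: Autz-Type value -> modules it runs
AUTZ_SECTIONS = {"LDAP": ["redundant(ldap1, ldap2)"], "ADSL": ["ldapadsl"]}
# flat authorize section from the question: listed modules run for every request
FLAT_AUTHORIZE = ["redundant(ldap1, ldap2)", "ldapadsl"]

ITEM = re.compile(r'([\w-]+)\s*(==|:=)\s*"?([^",]+)"?')

def parse_users(text):
    """Split each entry into check items (==) and control items (:=)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, _, rest = line.partition(" ")
        checks, sets = {}, {}
        for attr, op, value in ITEM.findall(rest):
            (checks if op == "==" else sets)[attr] = value.strip()
        entries.append((name, checks, sets))
    return entries

def match_entry(entries, groups):
    """Return the control items of the first entry whose checks all pass."""
    for _name, checks, sets in entries:
        # Assumption: only Ldap-Group checks are modelled; others never match.
        if all(a == "Ldap-Group" and v in groups for a, v in checks.items()):
            return sets
    return {}

def modules_run(groups, use_autz_type):
    """List the authorize modules consulted for a user in the given groups."""
    if not use_autz_type:
        return FLAT_AUTHORIZE
    sets = match_entry(parse_users(USERS_FILE), groups)
    return AUTZ_SECTIONS[sets["Autz-Type"]]

if __name__ == "__main__":
    for groups in ({"ADSL"}, set()):
        print(sorted(groups), "flat:", modules_run(groups, False),
              "Autz-Type:", modules_run(groups, True))
```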
grouping services - LDAP
Hi all,

Using Freeradius 1.0.4 (FB 4.11)

I want to grouping between dialup & adsl... refer to users file below by if Ldap-Group ==ADSL is found, should authenticate/authorize by "ldapadsl" and if not found, assuming dialup user and should authenticate/authorize by "ldap1/ldap2" (DIALUP)

But the problem, referring to debug log.. doesn't matter whether Ldap-Group=ADSL is found or not, it still check at both ldap1/ldap2 & ldapadsl i.e checking "adslAccess & dialAcess" attribute.

What I want is that.. If Ldap-Group ==ADSL is found, it should be handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when not found, it will be handled by "ldap1/ldap2" and not checking "ldapadsl"

anyone can help.?? thanks

--haizam

## users file:

DEFAULT Ldap-Group == "ADSL", Auth-Type := ADSL
DEFAULT Auth-Type := LDAP

#3 Debug:-

rlm_ldap: performing search in ou=RADIUS,ou=People,dc=jaring,dc=my, with filter (&(jaringConnectionType=ADSL)(&(uid=organza)(objectclass=radiusprofile)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group ADSL not found or user is not a member.
users: Matched entry DEFAULT at line 147
. . .
rlm_ldap: checking if remote access for organza is allowed by dialupAccess
. ..
rlm_ldap: no adslAccess attribute - access denied by default

authenticate {
	Auth-Type LDAP {
		redundant {
			ldap1
			ldap2
		}
	}
	Auth-Type ADSL {
		ldapadsl
	}
}

#
authorize {
	redundant {
		ldap1
		ldap2
	}
	ldapadsl
}

#
ldap ldap1 {
	server = "10.1.1.1"
	basedn = "ou=RADIUS,ou=People,dc=jaring,dc=my"
	access_attr = "dialupAccess"
	groupname_attribute = jaringConnectionType
	groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
}

ldap ldap2 {
	server = "10.1.1.2"
	basedn = "ou=RADIUS,ou=People,dc=jaring,dc=my"
	access_attr = "dialupAccess"
	groupname_attribute = jaringConnectionType
	groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
}

ldap ldapadsl {
	server = "10.1.1.3"
	basedn = "ou=ADSL,ou=People,dc=jaring,dc=my"
	access_attr = "adslAccess"
	groupname_attribute = jaringConnectionType
	groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
}